announcement of the rescheduled directory meeting in Flagstaff
"Hoyt L. Kesterson II" <hoytkesterson@earthlink.net> Mon, 01 October 2001 03:52 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA04820 for <pkix-archive@odin.ietf.org>; Sun, 30 Sep 2001 23:52:09 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f912mb829044 for ietf-pkix-bks; Sun, 30 Sep 2001 19:48:37 -0700 (PDT)
Received: from phnxpop4.phnx.uswest.net (phnxpop4.phnx.uswest.net [206.80.192.4]) by above.proper.com (8.11.6/8.11.3) with SMTP id f912mZD29039 for <ietf-pkix@imc.org>; Sun, 30 Sep 2001 19:48:35 -0700 (PDT)
Received: (qmail 2449 invoked by alias); 1 Oct 2001 02:48:32 -0000
Delivered-To: fixup-ietf-pkix@imc.org@fixme
Received: (qmail 2273 invoked by uid 0); 1 Oct 2001 02:48:27 -0000
Received: from wdialup111.phnx.uswest.net (HELO ?192.168.0.2?) (209.181.129.111) by phnxpop4.phnx.uswest.net with SMTP; 1 Oct 2001 02:48:27 -0000
Mime-Version: 1.0
X-Sender: hoytkesterson@mail.earthlink.net
Message-Id: <a05100302b7dd85d0f234@[192.168.0.2]>
Date: Sun, 30 Sep 2001 19:42:53 -0700
To: "X.509":;, IETF LDAP <ietf-ldapext@netscape.com>, SC6 Staff:;, Boguslaw Georges Sebek <sebek@itu.int>, "Bertine, Herbert V (Herbert" <hbertine@lucent.com>
From: "Hoyt L. Kesterson II" <hoytkesterson@earthlink.net>
Subject: announcement of the rescheduled directory meeting in Flagstaff
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
hello all
The announcement of the rescheduled Flagstaff meeting is at
ftp://ftp.bull.com/pub/OSIdirectory/Flagstaff2001/announcementRev3.pdf
The major differences in the announcement are;
The date is 12 - 16 November 2001
The agenda is changed - e.g., work on X.509/part 8 is now on 12 and 13 November
Reservations must be made by 20 October. The room rate is lowered to
$90 but it will be colder.
Additional input documents are identified.
Travel directions from Las Vegas to the hotel are included. Several
people found that it was less expensive to book a flight to Las Vegas
than to Phoenix.
As before, the input documents for this meeting can be found at
ftp://ftp.bull.com/pub/OSIdirectory/Flagstaff2001/InputDocuments/ and
ftp://ftp.bull.com/pub/OSIdirectory/Geneva2001Output/
hoyt
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f912mb829044 for ietf-pkix-bks; Sun, 30 Sep 2001 19:48:37 -0700 (PDT)
Received: from phnxpop4.phnx.uswest.net (phnxpop4.phnx.uswest.net [206.80.192.4]) by above.proper.com (8.11.6/8.11.3) with SMTP id f912mZD29039 for <ietf-pkix@imc.org>; Sun, 30 Sep 2001 19:48:35 -0700 (PDT)
Received: (qmail 2449 invoked by alias); 1 Oct 2001 02:48:32 -0000
Delivered-To: fixup-ietf-pkix@imc.org@fixme
Received: (qmail 2273 invoked by uid 0); 1 Oct 2001 02:48:27 -0000
Received: from wdialup111.phnx.uswest.net (HELO ?192.168.0.2?) (209.181.129.111) by phnxpop4.phnx.uswest.net with SMTP; 1 Oct 2001 02:48:27 -0000
Mime-Version: 1.0
X-Sender: hoytkesterson@mail.earthlink.net
Message-Id: <a05100302b7dd85d0f234@[192.168.0.2]>
Date: Sun, 30 Sep 2001 19:42:53 -0700
To: "X.509":;, IETF LDAP <ietf-ldapext@netscape.com>, SC6 Staff:;, Boguslaw Georges Sebek <sebek@itu.int>, "Bertine, Herbert V (Herbert" <hbertine@lucent.com>
From: "Hoyt L. Kesterson II" <hoytkesterson@earthlink.net>
Subject: announcement of the rescheduled directory meeting in Flagstaff
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
hello all
The announcement of the rescheduled Flagstaff meeting is at
ftp://ftp.bull.com/pub/OSIdirectory/Flagstaff2001/announcementRev3.pdf
The major differences in the announcement are;
The date is 12 - 16 November 2001
The agenda is changed - e.g., work on X.509/part 8 is now on 12 and 13 November
Reservations must be made by 20 October. The room rate is lowered to
$90 but it will be colder.
Additional input documents are identified.
Travel directions from Las Vegas to the hotel are included. Several
people found that it was less expensive to book a flight to Las Vegas
than to Phoenix.
As before, the input documents for this meeting can be found at
ftp://ftp.bull.com/pub/OSIdirectory/Flagstaff2001/InputDocuments/ and
ftp://ftp.bull.com/pub/OSIdirectory/Geneva2001Output/
hoyt
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8PBSpU02871 for ietf-pkix-bks; Tue, 25 Sep 2001 04:28:51 -0700 (PDT)
Received: from exafix.addtrust.com ([212.112.175.83]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8PBSnD02866 for <ietf-pkix@imc.org>; Tue, 25 Sep 2001 04:28:49 -0700 (PDT)
Received: from santesson.addtrust.com ([192.168.101.132]) by exafix.addtrust.com with Microsoft SMTPSVC(5.0.2195.2966); Tue, 25 Sep 2001 13:28:43 +0200
Message-Id: <5.0.0.25.2.20010925131541.02b0ed98@mail.addtrust.com>
X-Sender: sts@mail.addtrust.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Tue, 25 Sep 2001 13:28:51 +0200
To: Stephen Kent <kent@bbn.com>
From: Stefan Santesson <stefan@addtrust.com>
Subject: Re: Logos: objection to charter revisions
Cc: "PKIX (E-mail)" <ietf-pkix@imc.org>
In-Reply-To: <p05010406b7d4ef12868c@[128.33.84.34]>
References: <5.0.0.25.2.20010924140544.02c49af0@mail.addtrust.com> <73388857A695D31197EF00508B08F29802D2588E@ntmsg0131.corpmail.telstra.com.a u> <5.0.0.25.2.20010924094912.02c35b38@mail.addtrust.com> <5.0.0.25.2.20010924140544.02c49af0@mail.addtrust.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-OriginalArrivalTime: 25 Sep 2001 11:28:43.0906 (UTC) FILETIME=[3BE0A620:01C145B5]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Steve,
Thanks for the clarifications. I agree in general to everything you say.
Speking of users trust in a CA I wander though what mechanisms users have
to quantify trust in the certificate and it's content (including
extensions) after passing the validation mechanisms performed according to
local policy.
Is the user (human person) supposed to know what kind of extension data
that this particular CA is trusted to certify?
Havn't we failed if we are forced to use such assumtions?
Isn't it fair to require all cross certifying CA's to make sure that the
CA's they cross certify have agreed to behave in such was that the user can
perform an "unqualified act of trust"?
Do you have any suggestions regarding how to contrain CA's use of
extensions and their content?
/Stefan
At 10:19 2001-09-24 -0400, Stephen Kent wrote:
>Stefan,
>
>
>><snip>
>
>
>
>>Now, the concern here is if a CA issues a certificate with false logos,
>>inconsistent with the present names. Could a user be fooled?
>>Yes of course would a user be fooled, but the flaw is not in the logotype
>>presence. The flaw is that your validation processing allows trust in a
>>bad CA. And if you have allowed trust in such CA, logos are the least of
>>your problems.
>
>In fairness, your characterization seems to be based on the assumption
>that acceptance of certs issued by a CA represents an unqualified act of
>trust. This may be the case for public CAs, but it is not for
>organizational CAs, for example. We have the name constraints extension to
>allow us to control the space of names that we will accept from CAs we
>cross certify. So we already have mechanisms to avoid the need to trust
>completely every CA that we cross certify.
>
>>In the end, the self regulating factor is also that nobody can issue
>>certificates with bad information and hide from that fact. A bad CA,
>>which isn't living up to its decalred practices, will soon be out of
>>business and sued up to its ears.
>
>Yes, but wherever possible we like to impose technical constraints on CA
>behavior, not just rely on remedial, legal, actions. The question is to
>what extent can we do that with the proposed logotype extension?
>
>>I understand the fear for things we can not control, but names and logos
>>are simply such things. Its use and trust in them must be handled by the
>>market of CA's, not in a standards body.
>
>But, as noted above, we DO have some ability to control bad names.
>
>>But as I said. The protocol issues are standards work. Lets assume our
>>responsibility and provide solid tools needed by the market, and make
>>them good and globally interoperable.
>>
>>Whether you like it or not. So far, all major market players I have
>>talked to (and they are many), including members of the European CA forum
>>(ECAF) and including the mobile world, wants and needs logos. Lets not
>>hide from this fact in our own little dream world. Lets accept the
>>challenge instead.
>
>Endorsements from vendors and vendor fora of this sort have never been an
>acceptable justification for our adopting a proposed mechanism. It's
>appropriate to cite such interest to justify spending the WG's time on
>this proposed work item, but it does not mean that we will create a
>standard based on such endorsements. This WG, like all others in the IETF,
>is composed of individual technical contributors who represent themselves
>in discussions and who strive to persuade other WG members of the
>technical merits of protocols that are offered as standards.
>
>Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8ONKUv20062 for ietf-pkix-bks; Mon, 24 Sep 2001 16:20:30 -0700 (PDT)
Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8ONKSD20058 for <ietf-pkix@imc.org>; Mon, 24 Sep 2001 16:20:28 -0700 (PDT)
Received: from [128.33.238.23] (TC023.BBN.COM [128.33.238.23]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id TAA29906; Mon, 24 Sep 2001 19:20:20 -0400 (EDT)
Mime-Version: 1.0
X-Sender: kent@po1.bbn.com (Unverified)
Message-Id: <p05010407b7d55ee5ade5@[128.33.238.91]>
In-Reply-To: <OFB8E2B2DA.80D766F2-ON85256AD1.0062BE0C@pok.ibm.com>
References: <OFB8E2B2DA.80D766F2-ON85256AD1.0062BE0C@pok.ibm.com>
Date: Mon, 24 Sep 2001 18:14:42 -0400
To: "Tom Gindin" <tgindin@us.ibm.com>
From: Stephen Kent <kent@bbn.com>
Subject: RE: Logos: objection to charter revisions
Cc: "PKIX (E-mail)" <ietf-pkix@imc.org>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
At 2:03 PM -0400 9/24/01, Tom Gindin wrote:
> While I am not sure that Steve proposed that individuals issue
>cross-certs in his posting, I would like to record my view that allowing an
>RP to extend trust to a specific root CA with restrictions similar to the
>constraints extensions is a desirable feature in an API. Since IMHO this
>is basically an API issue, I'm not sure that it's within PKIX's scope.
>
> Tom Gindin
>
Right. I did not say anything about "individuals" issuing cross
certs. I referred to organizational CAs, e.g., certified by other
such CAs, or by bridge CAs, etc.
Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8OI5Np13880 for ietf-pkix-bks; Mon, 24 Sep 2001 11:05:23 -0700 (PDT)
Received: from e2.ny.us.ibm.com (e2.ny.us.ibm.com [32.97.182.102]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8OI5LD13873 for <ietf-pkix@imc.org>; Mon, 24 Sep 2001 11:05:21 -0700 (PDT)
Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.117.200.22]) by e2.ny.us.ibm.com (8.9.3/8.9.3) with ESMTP id OAA116122; Mon, 24 Sep 2001 14:02:44 -0400
Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO v4.97.1) with ESMTP id f8OHtUZ226922; Mon, 24 Sep 2001 13:55:31 -0400
Importance: Normal
Subject: RE: Logos: objection to charter revisions
To: Peter Williams <peterw@valicert.com>
Cc: "'Stephen Kent'" <kent@bbn.com>, Stefan Santesson <stefan@addtrust.com>, "PKIX (E-mail)" <ietf-pkix@imc.org>
X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001
Message-ID: <OFB8E2B2DA.80D766F2-ON85256AD1.0062BE0C@pok.ibm.com>
From: "Tom Gindin" <tgindin@us.ibm.com>
Date: Mon, 24 Sep 2001 14:03:54 -0400
X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.8 SPR #MIAS4UTJ8H |June 21, 2001) at 09/24/2001 02:03:47 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
While I am not sure that Steve proposed that individuals issue
cross-certs in his posting, I would like to record my view that allowing an
RP to extend trust to a specific root CA with restrictions similar to the
constraints extensions is a desirable feature in an API. Since IMHO this
is basically an API issue, I'm not sure that it's within PKIX's scope.
Tom Gindin
Peter Williams <peterw@valicert.com>@mail.imc.org on 09/24/2001 11:36:46 AM
Sent by: owner-ietf-pkix@mail.imc.org
To: "'Stephen Kent'" <kent@bbn.com>, Stefan Santesson
<stefan@addtrust.com>
cc: "PKIX (E-mail)" <ietf-pkix@imc.org>
Subject: RE: Logos: objection to charter revisions
Steve proposed that individuals be
able to issue cross-certificates
to limit, by virtue of the name
constraints, the degree to which
trust is helf in a given CA, acting
in support of some secure interworking activity.
-----Original Message-----
From: Stephen Kent [mailto:kent@bbn.com]
Sent: Monday, September 24, 2001 7:20 AM
To: Stefan Santesson
Cc: PKIX (E-mail)
Subject: Re: Logos: objection to charter revisions
Stefan,
><snip>
>Now, the concern here is if a CA issues a certificate with false
>logos, inconsistent with the present names. Could a user be fooled?
>Yes of course would a user be fooled, but the flaw is not in the
>logotype presence. The flaw is that your validation processing
>allows trust in a bad CA. And if you have allowed trust in such CA,
>logos are the least of your problems.
In fairness, your characterization seems to be based on the
assumption that acceptance of certs issued by a CA represents an
unqualified act of trust. This may be the case for public CAs, but
it is not for organizational CAs, for example. We have the name
constraints extension to allow us to control the space of names that
we will accept from CAs we cross certify. So we already have
mechanisms to avoid the need to trust completely every CA that we
cross certify.
>In the end, the self regulating factor is also that nobody can issue
>certificates with bad information and hide from that fact. A bad CA,
>which isn't living up to its decalred practices, will soon be out of
>business and sued up to its ears.
Yes, but wherever possible we like to impose technical constraints on
CA behavior, not just rely on remedial, legal, actions. The question
is to what extent can we do that with the proposed logotype extension?
>I understand the fear for things we can not control, but names and
>logos are simply such things. Its use and trust in them must be
>handled by the market of CA's, not in a standards body.
But, as noted above, we DO have some ability to control bad names.
>But as I said. The protocol issues are standards work. Lets assume
>our responsibility and provide solid tools needed by the market, and
>make them good and globally interoperable.
>
>Whether you like it or not. So far, all major market players I have
>talked to (and they are many), including members of the European CA
>forum (ECAF) and including the mobile world, wants and needs logos.
>Lets not hide from this fact in our own little dream world. Lets
>accept the challenge instead.
Endorsements from vendors and vendor fora of this sort have never
been an acceptable justification for our adopting a proposed
mechanism. It's appropriate to cite such interest to justify
spending the WG's time on this proposed work item, but it does not
mean that we will create a standard based on such endorsements. This
WG, like all others in the IETF, is composed of individual technical
contributors who represent themselves in discussions and who strive
to persuade other WG members of the technical merits of protocols
that are offered as standards.
Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8OFi1J05723 for ietf-pkix-bks; Mon, 24 Sep 2001 08:44:01 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8OFhxD05716 for <ietf-pkix@imc.org>; Mon, 24 Sep 2001 08:43:59 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GK600401BQFOM@ext-mail.valicert.com> for ietf-pkix@imc.org; Mon, 24 Sep 2001 08:44:39 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GK6004H3BQF2E@ext-mail.valicert.com>; Mon, 24 Sep 2001 08:44:39 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT36R76>; Mon, 24 Sep 2001 08:36:47 -0700
Content-return: allowed
Date: Mon, 24 Sep 2001 08:36:46 -0700
From: Peter Williams <peterw@valicert.com>
Subject: RE: Logos: objection to charter revisions
To: "'Stephen Kent'" <kent@bbn.com>, Stefan Santesson <stefan@addtrust.com>
Cc: "PKIX (E-mail)" <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A35B@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Steve proposed that individuals be
able to issue cross-certificates
to limit, by virtue of the name
constraints, the degree to which
trust is helf in a given CA, acting
in support of some secure interworking activity.
-----Original Message-----
From: Stephen Kent [mailto:kent@bbn.com]
Sent: Monday, September 24, 2001 7:20 AM
To: Stefan Santesson
Cc: PKIX (E-mail)
Subject: Re: Logos: objection to charter revisions
Stefan,
><snip>
>Now, the concern here is if a CA issues a certificate with false
>logos, inconsistent with the present names. Could a user be fooled?
>Yes of course would a user be fooled, but the flaw is not in the
>logotype presence. The flaw is that your validation processing
>allows trust in a bad CA. And if you have allowed trust in such CA,
>logos are the least of your problems.
In fairness, your characterization seems to be based on the
assumption that acceptance of certs issued by a CA represents an
unqualified act of trust. This may be the case for public CAs, but
it is not for organizational CAs, for example. We have the name
constraints extension to allow us to control the space of names that
we will accept from CAs we cross certify. So we already have
mechanisms to avoid the need to trust completely every CA that we
cross certify.
>In the end, the self regulating factor is also that nobody can issue
>certificates with bad information and hide from that fact. A bad CA,
>which isn't living up to its decalred practices, will soon be out of
>business and sued up to its ears.
Yes, but wherever possible we like to impose technical constraints on
CA behavior, not just rely on remedial, legal, actions. The question
is to what extent can we do that with the proposed logotype extension?
>I understand the fear for things we can not control, but names and
>logos are simply such things. Its use and trust in them must be
>handled by the market of CA's, not in a standards body.
But, as noted above, we DO have some ability to control bad names.
>But as I said. The protocol issues are standards work. Lets assume
>our responsibility and provide solid tools needed by the market, and
>make them good and globally interoperable.
>
>Whether you like it or not. So far, all major market players I have
>talked to (and they are many), including members of the European CA
>forum (ECAF) and including the mobile world, wants and needs logos.
>Lets not hide from this fact in our own little dream world. Lets
>accept the challenge instead.
Endorsements from vendors and vendor fora of this sort have never
been an acceptable justification for our adopting a proposed
mechanism. It's appropriate to cite such interest to justify
spending the WG's time on this proposed work item, but it does not
mean that we will create a standard based on such endorsements. This
WG, like all others in the IETF, is composed of individual technical
contributors who represent themselves in discussions and who strive
to persuade other WG members of the technical merits of protocols
that are offered as standards.
Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8OEMnM29143 for ietf-pkix-bks; Mon, 24 Sep 2001 07:22:49 -0700 (PDT)
Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8OEMmD29138 for <ietf-pkix@imc.org>; Mon, 24 Sep 2001 07:22:48 -0700 (PDT)
Received: from [128.33.84.34] (comsec.bbn.com [128.33.84.34]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id KAA13790; Mon, 24 Sep 2001 10:22:02 -0400 (EDT)
Mime-Version: 1.0
X-Sender: kent@po1.bbn.com
Message-Id: <p05010406b7d4ef12868c@[128.33.84.34]>
In-Reply-To: <5.0.0.25.2.20010924140544.02c49af0@mail.addtrust.com>
References: <73388857A695D31197EF00508B08F29802D2588E@ntmsg0131.corpmail.telstra.com.a u> <5.0.0.25.2.20010924094912.02c35b38@mail.addtrust.com> <5.0.0.25.2.20010924140544.02c49af0@mail.addtrust.com>
Date: Mon, 24 Sep 2001 10:19:45 -0400
To: Stefan Santesson <stefan@addtrust.com>
From: Stephen Kent <kent@bbn.com>
Subject: Re: Logos: objection to charter revisions
Cc: "PKIX (E-mail)" <ietf-pkix@imc.org>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Stefan,
><snip>
>Now, the concern here is if a CA issues a certificate with false
>logos, inconsistent with the present names. Could a user be fooled?
>Yes of course would a user be fooled, but the flaw is not in the
>logotype presence. The flaw is that your validation processing
>allows trust in a bad CA. And if you have allowed trust in such CA,
>logos are the least of your problems.
In fairness, your characterization seems to be based on the
assumption that acceptance of certs issued by a CA represents an
unqualified act of trust. This may be the case for public CAs, but
it is not for organizational CAs, for example. We have the name
constraints extension to allow us to control the space of names that
we will accept from CAs we cross certify. So we already have
mechanisms to avoid the need to trust completely every CA that we
cross certify.
>In the end, the self regulating factor is also that nobody can issue
>certificates with bad information and hide from that fact. A bad CA,
>which isn't living up to its decalred practices, will soon be out of
>business and sued up to its ears.
Yes, but wherever possible we like to impose technical constraints on
CA behavior, not just rely on remedial, legal, actions. The question
is to what extent can we do that with the proposed logotype extension?
>I understand the fear for things we can not control, but names and
>logos are simply such things. Its use and trust in them must be
>handled by the market of CA's, not in a standards body.
But, as noted above, we DO have some ability to control bad names.
>But as I said. The protocol issues are standards work. Lets assume
>our responsibility and provide solid tools needed by the market, and
>make them good and globally interoperable.
>
>Whether you like it or not. So far, all major market players I have
>talked to (and they are many), including members of the European CA
>forum (ECAF) and including the mobile world, wants and needs logos.
>Lets not hide from this fact in our own little dream world. Lets
>accept the challenge instead.
Endorsements from vendors and vendor fora of this sort have never
been an acceptable justification for our adopting a proposed
mechanism. It's appropriate to cite such interest to justify
spending the WG's time on this proposed work item, but it does not
mean that we will create a standard based on such endorsements. This
WG, like all others in the IETF, is composed of individual technical
contributors who represent themselves in discussions and who strive
to persuade other WG members of the technical merits of protocols
that are offered as standards.
Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8OCopu25048 for ietf-pkix-bks; Mon, 24 Sep 2001 05:50:51 -0700 (PDT)
Received: from exafix.addtrust.com ([212.112.175.83]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8OComD25044 for <ietf-pkix@imc.org>; Mon, 24 Sep 2001 05:50:48 -0700 (PDT)
Received: from santesson.addtrust.com ([192.168.101.132]) by exafix.addtrust.com with Microsoft SMTPSVC(5.0.2195.2966); Mon, 24 Sep 2001 14:50:42 +0200
Message-Id: <5.0.0.25.2.20010924140544.02c49af0@mail.addtrust.com>
X-Sender: sts@mail.addtrust.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Mon, 24 Sep 2001 14:50:49 +0200
To: Denis Pinkas <Denis.Pinkas@bull.net>
From: Stefan Santesson <stefan@addtrust.com>
Subject: Re: Logos: objection to charter revisions
Cc: "PKIX (E-mail)" <ietf-pkix@imc.org>
In-Reply-To: <3BAEFD31.42BD5B9D@bull.net>
References: <73388857A695D31197EF00508B08F29802D2588E@ntmsg0131.corpmail.telstra.com.au> <5.0.0.25.2.20010924094912.02c35b38@mail.addtrust.com>
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="=====================_21470683==_.ALT"
X-OriginalArrivalTime: 24 Sep 2001 12:50:42.0359 (UTC) FILETIME=[85174470:01C144F7]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
--=====================_21470683==_.ALT
Content-Type: text/plain; charset="us-ascii"; format=flowed
Denis,
3 Issues:
1) Should logos be checked by automatic processing?
No. Logotypes can't be processed as part of certificate validation
processing, with one exception which is the binary "allowed" or "not
allowed" local policy.
2) What logotypes should be displayed in a chain of certificates?
This is up to applications to decide but in general: When you view a
certificate, only the logos of that certificate is displayed. If you view a
chain, then normally that view doesn't show certificate details and would
not show any logo at all. Future applications may however show logotypes
for each certificate as they display a chain but when displaying a single
certificate i doubt that any other logos will be displayed.
3) Is there a conflict between automatic validation processing and human
processing of logotypes
My view is that we have no conflict.
A validation process is the first pit-stop, which will check the
trustworthiness of a certificate (including its chain) including:
- Chaining to a trusted root
- Validity periods
- Revocation status and presence of suitable status checking service
- key usage
- Key lengths and algorithms
- Suitability and acceptance of certificate policies
- Suitability and acceptance of present names and name forms
- Suitability and acceptance of extensions (including logos)
This process gives a yes and no answer to the question. "Is this
certificate valid, trusted and fit for its purpose?"
If the user is a mashie. This stops here and goes directly to authorization
processing in applications.
If not, then we have pit-stop number two, display of certificates, given
that the certificates passed pit-stop 1
If the user is a person and if his client is configured to display logos.
The user will have a convenient way to view the certificate through display
of logos together with associated names in text.
Now, the concern here is if a CA issues a certificate with false logos,
inconsistent with the present names. Could a user be fooled?
Yes of course would a user be fooled, but the flaw is not in the logotype
presence. The flaw is that your validation processing allows trust in a bad
CA. And if you have allowed trust in such CA, logos are the least of your
problems.
In the end, the self regulating factor is also that nobody can issue
certificates with bad information and hide from that fact. A bad CA, which
isn't living up to its decalred practices, will soon be out of business and
sued up to its ears.
I understand the fear for things we can not control, but names and logos
are simply such things. Its use and trust in them must be handled by the
market of CA's, not in a standards body.
But as I said. The protocol issues are standards work. Lets assume our
responsibility and provide solid tools needed by the market, and make them
good and globally interoperable.
Whether you like it or not. So far, all major market players I have talked
to (and they are many), including members of the European CA forum (ECAF)
and including the mobile world, wants and needs logos. Lets not hide from
this fact in our own little dream world. Lets accept the challenge instead.
/Stefan
At 11:30 2001-09-24 +0200, Denis Pinkas wrote:
>Stefan,
>
>The current point is whether we include or not this work item on our "PKIX
>plate". I wonder what the decision is at this time. Nevertheless, I will
>provide you with some comments on your e-mail.
>
> > Denis,
> >
> > As I catch up the logo discussion, I think your questions are pretty much
> > answered in the current draft.
> >
> > In principle, there is no difference between the certificate types you
> > mention regarding logos. What the logos means to the relying party is up to
> > each relying party to define.
>
>It seems difficult define extensions which have a left open and hence
>undefined meaning !
>
> > What is more important is that the different the logotypes have distinct
> > meanings.
> >
> > 1) Subject organization logotype: The logotype of the organization
> > specified in the subject field
> > 2) Issuer Logotype: The logotype of the organization specified in the
> > issuer field
> > 3) Concept logotype: A logotype used by the issuer to represent the concept
> > under which the certificate was issued.
> >
> > The concept may represent a type of assurance level, policy or a family of
> > distinct services shared between multiple CAs.
>
> > The meaning of these logotypes are the same for any type of certificate,
> > but in general they are only used to enhance human recognition after the
> > certificate having passed all other validation criteria for certificate
> > reliance.
>
>This is the main point that puzzles me. In other words, this extension is
>never checked when an automatic processing is being used, but is only
>checked (how ???, using which criteria ???) by a human being. When this
>extension appears in multiple certificates from a chain, shall all the
>logotypes be displayed, or printed ? How should this be done ?
>
>But the main point is that this could lead to different results whether
>human interactions or automatic processing is performed.
>
>Isn't it a problem ?
>
>Denis
>
>
> > /Stefan
> >
> > At 11:02 2001-09-06 +0200, Denis Pinkas wrote:
> >
> > >After seeing all that discussion about logos, I realized that we had
> > >a solution (i.e. the draft writen by Stefan) for an unknown problem.
> > >
> > >1) Are logos to be used in server certificates ?
> > > If so, what would be their intended meaning ?
> > >
> > >2) Are logos to be used in human-user certificates ?
> > > If so, what would be their intended meaning ?
> > >
> > >3) Are logos to be used in CA certificates ?
> > > If so, what would be their intended meaning ?
> > >
> > >4) Are logos to be used in self-signed certificates ?
> > > If so, what would be their intented meaning ?
> > >
> > >I do not think that the meaning and the use of the logo information will
> > >necessarilly be the same for all of the above cases.
> > >
> > >If that topic is going to stay on the charter, before we define a solution
> > >we should first define the requirements. So an INFORMATIONAL RFC on the
> > >requirements should be the first step. This Informational RFC should at
> > >least answer to the questions raised above.
> > >
> > >Denis
--=====================_21470683==_.ALT
Content-Type: text/html; charset="us-ascii"
<html>
Denis,<br>
<br>
3 Issues:<br>
<br>
<b>1) Should logos be checked by automatic processing?<br>
</b>No. Logotypes can't be processed as part of certificate validation
processing, with one exception which is the binary "allowed" or
"not allowed" local policy. <br>
<br>
<b>2) What logotypes should be displayed in a chain of
certificates?<br>
</b>This is up to applications to decide but in general: When you view a
certificate, only the logos of that certificate is displayed. If you view
a chain, then normally that view doesn't show certificate details and
would not show any logo at all. Future applications may however show
logotypes for each certificate as they display a chain but when
displaying a single certificate i doubt that any other logos will be
displayed.<br>
<br>
<b>3) Is there a conflict between automatic validation processing and
human processing of logotypes<br>
</b>My view is that we have no conflict.<br>
A validation process is the first pit-stop, which will check the
trustworthiness of a certificate (including its chain) including:<br>
- Chaining to a trusted root<br>
- Validity periods<br>
- Revocation status and presence of suitable status checking
service<br>
- key usage<br>
- Key lengths and algorithms<br>
- Suitability and acceptance of certificate policies<br>
- Suitability and acceptance of present names and name forms<br>
- Suitability and acceptance of extensions (including logos)<br>
<br>
This process gives a yes and no answer to the question. "Is this
certificate valid, trusted and fit for its purpose?"<br>
<br>
If the user is a mashie. This stops here and goes directly to
authorization processing in applications.<br>
<br>
If not, then we have pit-stop number two, display of certificates, given
that the certificates passed pit-stop 1<br>
If the user is a person and if his client is configured to display logos.
The user will have a convenient way to view the certificate through
display of logos together with associated names in text.<br>
<br>
Now, the concern here is if a CA issues a certificate with false logos,
inconsistent with the present names. Could a user be fooled?<br>
Yes of course would a user be fooled, but the flaw is not in the logotype
presence. The flaw is that your validation processing allows trust in a
bad CA. And if you have allowed trust in such CA, logos are the least of
your problems.<br>
<br>
In the end, the self regulating factor is also that nobody can issue
certificates with bad information and hide from that fact. A bad CA,
which isn't living up to its decalred practices, will soon be out of
business and sued up to its ears.<br>
<br>
I understand the fear for things we can not control, but names and logos
are simply such things. Its use and trust in them must be handled by the
market of CA's, not in a standards body.<br>
<br>
But as I said. The protocol issues are standards work. Lets assume our
responsibility and provide solid tools needed by the market, and make
them good and globally interoperable.<br>
<br>
Whether you like it or not. So far, all major market players I have
talked to (and they are many), including members of the European CA forum
(ECAF) and including the mobile world, wants and needs logos. Lets not
hide from this fact in our own little dream world. Lets accept the
challenge instead.<br>
<br>
/Stefan<br>
<br>
<br>
At 11:30 2001-09-24 +0200, Denis Pinkas wrote:<br>
<br>
<blockquote type=cite class=cite cite>Stefan,<br>
<br>
The current point is whether we include or not this work item on our
"PKIX<br>
plate". I wonder what the decision is at this time. Nevertheless, I
will<br>
provide you with some comments on your e-mail.<br>
<br>
> Denis,<br>
> <br>
> As I catch up the logo discussion, I think your questions are pretty
much<br>
> answered in the current draft.<br>
> <br>
> In principle, there is no difference between the certificate types
you<br>
> mention regarding logos. What the logos means to the relying party
is up to<br>
> each relying party to define.<br>
<br>
It seems difficult define extensions which have a left open and
hence<br>
undefined meaning !<br>
<br>
> What is more important is that the different the logotypes have
distinct<br>
> meanings.<br>
><br>
> 1) Subject organization logotype: The logotype of the
organization<br>
> specified in the subject field<br>
> 2) Issuer Logotype: The logotype of the organization specified in
the<br>
> issuer field<br>
> 3) Concept logotype: A logotype used by the issuer to represent the
concept<br>
> under which the certificate was issued.<br>
> <br>
> The concept may represent a type of assurance level, policy or a
family of<br>
> distinct services shared between multiple CAs.<br>
<br>
> The meaning of these logotypes are the same for any type of
certificate,<br>
> but in general they are only used to enhance human recognition after
the<br>
> certificate having passed all other validation criteria for
certificate<br>
> reliance.<br>
<br>
This is the main point that puzzles me. In other words, this extension
is<br>
never checked when an automatic processing is being used, but is
only<br>
checked (how ???, using which criteria ???) by a human being. When
this<br>
extension appears in multiple certificates from a chain, shall all
the<br>
logotypes be displayed, or printed ? How should this be done ? <br>
<br>
But the main point is that this could lead to different results
whether<br>
human interactions or automatic processing is performed. <br>
<br>
Isn't it a problem ? <br>
<br>
Denis<br>
<br>
<br>
> /Stefan<br>
> <br>
> At 11:02 2001-09-06 +0200, Denis Pinkas wrote:<br>
> <br>
> >After seeing all that discussion about logos, I realized that we
had<br>
> >a solution (i.e. the draft writen by Stefan) for an unknown
problem.<br>
> ><br>
> >1) Are logos to be used in server certificates ?<br>
> > If so, what would be their intended meaning
?<br>
> ><br>
> >2) Are logos to be used in human-user certificates ?<br>
> > If so, what would be their intended meaning
?<br>
> ><br>
> >3) Are logos to be used in CA certificates ?<br>
> > If so, what would be their intended meaning
?<br>
> ><br>
> >4) Are logos to be used in self-signed certificates ?<br>
> > If so, what would be their intented meaning
?<br>
> ><br>
> >I do not think that the meaning and the use of the logo
information will<br>
> >necessarilly be the same for all of the above cases.<br>
> ><br>
> >If that topic is going to stay on the charter, before we define
a solution<br>
> >we should first define the requirements. So an INFORMATIONAL RFC
on the<br>
> >requirements should be the first step. This Informational RFC
should at<br>
> >least answer to the questions raised above.<br>
> ><br>
> >Denis </blockquote></html>
--=====================_21470683==_.ALT--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8O9kYZ13554 for ietf-pkix-bks; Mon, 24 Sep 2001 02:46:34 -0700 (PDT)
Received: from exafix.addtrust.com ([212.112.175.83]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8O9kWD13547 for <ietf-pkix@imc.org>; Mon, 24 Sep 2001 02:46:32 -0700 (PDT)
Received: from santesson.addtrust.com ([192.168.101.132]) by exafix.addtrust.com with Microsoft SMTPSVC(5.0.2195.2966); Mon, 24 Sep 2001 11:46:26 +0200
Message-Id: <5.0.0.25.2.20010924100541.02c0bd90@mail.addtrust.com>
X-Sender: sts@mail.addtrust.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Mon, 24 Sep 2001 11:46:34 +0200
To: Steve Hanna <steve.hanna@sun.com>, Stephen Kent <kent@bbn.com>
From: Stefan Santesson <stefan@addtrust.com>
Subject: Logos in PKIX - Was: charter revisions
Cc: ietf-pkix@imc.org
In-Reply-To: <3B8D57EF.70505C80@sun.com>
References: <p0501040bb7a8214adf35@[128.33.84.34]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-OriginalArrivalTime: 24 Sep 2001 09:46:26.0828 (UTC) FILETIME=[C77B1CC0:01C144DD]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Steve,
There has been a lot of discussions regarding logos and as reply to the
whole discussion I would like to debate some of your original issues
concerning logos.
First as a general remark:
Some say that logos are not a security issue and should not be handled in PKIX.
The security issue is indirect but very real. We are dealing with an
infrastructure for public key recognition. (i.e. who is the owner of this
key or what is the right key for XX). The user of this infrastructure is
devices, applications and humans, where humans is the worst kind.
Humans are unpredictable, has bad memory, acts irresponsibly and has low
calculation capacity. In other words - they need help.
Providing help to humans, in a human way, IS a real security issue.
Providing bad human interfaces is BAD security.
The simple rule is:
Human recognition of text based names is bad.
Human recognition of visual symbols and visual concepts is good.
This is why we use logotypes and symbols in all possible situations and
applications in the world where we have a human user.
The common objection is uncertainties of the trustworthiness of logotypes,
i.e how we can assure what logotype is legitimate for what entity.
This is in fact an issue which goes far beyond PKIX and where PKIX should
NOT try to provide solutions as little as PKIX try to make standards for
policies and legal aspects of names and any other attributes. As
representing a commercial CA service, I see this as the least problem right
now. If there is a will, there is a way.
But the protocol aspect of logos is a PKIX issue. I.e. how to include them,
formats and parsing issues together with its relationship with path
processing and means of specifying policy aspects.
More comments follow in line;
At 17:00 2001-08-29 -0400, Steve Hanna wrote:
>I haven't seen any comments on the revised charter yet. Most of it looks
>good to me. However, I don't think PKIX should do any work on the
>logotype extension. I know that there is a demand for this from
>marketing folks, but I don't believe that we should standardize it
>unless it can be used securely. This does not seem possible.
>
>First, CAs will find it very hard to verify whether a particular
>logotype should be included in a particular certificate. They'll just
>need to certify whatever the client gives them and disclaim all
>responsibility for its accuracy. With textual names, at least they can
>make some attempt to verify that the name corresponds to the requesting
>client (by requiring a response from an email address before it's
>certified, for instance).
This is a legal issue that PKIX should move away from. There are many ways
to tie a logotype to an organization, as there are with names. This is
nothing new for certificates. The simplest way is to get a signed statement
from the company tied to some penalty for giving false information. It is
not fool proof but it may be good enough for many applications.
>Second, there's no equivalent to name constraints for use in cross
>certificates. If I cross certify someone, I just have to trust that they
>(and anyone they certify) will only put proper logotypes into
>certificates.
Correct. If you cross certify a CA you will need to determine if you want
to link trust to their way of issuing certificates.
>Third, an apparently innocuous logotype can change appearance radically
>when scaled to a smaller size or mapped to a different number of colors.
>This can be exploited to deceive cell phone users into thinking that
>they're communicating with their bank, for instance.
This is an issue we need to discuss further. I have no answer to this but
it is not a reason not to do the job.
>Unless these concerns can be addressed, I do not think that this
>proposal is safe and secure. And I do not think that the IETF should
>publish an RFC on a fundamentally insecure idea, especially from a
>security working group.
Following this reasoning we also need to cancel RFC 2459 and all derivative
work as well. God knows what kind of un trusted information you can put
into certificates to fool people if you want.
As I said. We need to remove the legal aspects from the PKIX agenda and
focus on the protocol aspects, and make that aspect SECURE. As representing
a commercial CA I guarantee that 1) there is a real need for this, 2) it
will be implemented and 3) there are ways of being sure enough on the
accuracy of logotypes.
>-Steve
/Stefan
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8O9V0d11978 for ietf-pkix-bks; Mon, 24 Sep 2001 02:31:00 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8O9UwD11958 for <ietf-pkix@imc.org>; Mon, 24 Sep 2001 02:30:59 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id LAA31718; Mon, 24 Sep 2001 11:33:16 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id LAA12080; Mon, 24 Sep 2001 11:30:25 +0200
Message-ID: <3BAEFD31.42BD5B9D@bull.net>
Date: Mon, 24 Sep 2001 11:30:25 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: Stefan Santesson <stefan@addtrust.com>
CC: "PKIX (E-mail)" <ietf-pkix@imc.org>
Subject: Re: Logos: objection to charter revisions
References: <73388857A695D31197EF00508B08F29802D2588E@ntmsg0131.corpmail.telstra.com.au> <5.0.0.25.2.20010924094912.02c35b38@mail.addtrust.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Stefan,
The current point is whether we include or not this work item on our "PKIX
plate". I wonder what the decision is at this time. Nevertheless, I will
provide you with some comments on your e-mail.
> Denis,
>
> As I catch up the logo discussion, I think your questions are pretty much
> answered in the current draft.
>
> In principle, there is no difference between the certificate types you
> mention regarding logos. What the logos means to the relying party is up to
> each relying party to define.
It seems difficult define extensions which have a left open and hence
undefined meaning !
> What is more important is that the different the logotypes have distinct
> meanings.
>
> 1) Subject organization logotype: The logotype of the organization
> specified in the subject field
> 2) Issuer Logotype: The logotype of the organization specified in the
> issuer field
> 3) Concept logotype: A logotype used by the issuer to represent the concept
> under which the certificate was issued.
>
> The concept may represent a type of assurance level, policy or a family of
> distinct services shared between multiple CAs.
> The meaning of these logotypes are the same for any type of certificate,
> but in general they are only used to enhance human recognition after the
> certificate having passed all other validation criteria for certificate
> reliance.
This is the main point that puzzles me. In other words, this extension is
never checked when an automatic processing is being used, but is only
checked (how ???, using which criteria ???) by a human being. When this
extension appears in multiple certificates from a chain, shall all the
logotypes be displayed, or printed ? How should this be done ?
But the main point is that this could lead to different results whether
human interactions or automatic processing is performed.
Isn't it a problem ?
Denis
> /Stefan
>
> At 11:02 2001-09-06 +0200, Denis Pinkas wrote:
>
> >After seeing all that discussion about logos, I realized that we had
> >a solution (i.e. the draft writen by Stefan) for an unknown problem.
> >
> >1) Are logos to be used in server certificates ?
> > If so, what would be their intended meaning ?
> >
> >2) Are logos to be used in human-user certificates ?
> > If so, what would be their intended meaning ?
> >
> >3) Are logos to be used in CA certificates ?
> > If so, what would be their intended meaning ?
> >
> >4) Are logos to be used in self-signed certificates ?
> > If so, what would be their intented meaning ?
> >
> >I do not think that the meaning and the use of the logo information will
> >necessarilly be the same for all of the above cases.
> >
> >If that topic is going to stay on the charter, before we define a solution
> >we should first define the requirements. So an INFORMATIONAL RFC on the
> >requirements should be the first step. This Informational RFC should at
> >least answer to the questions raised above.
> >
> >Denis
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8O85JG04215 for ietf-pkix-bks; Mon, 24 Sep 2001 01:05:19 -0700 (PDT)
Received: from exafix.addtrust.com ([212.112.175.83]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8O85GD04211 for <ietf-pkix@imc.org>; Mon, 24 Sep 2001 01:05:17 -0700 (PDT)
Received: from santesson.addtrust.com ([192.168.101.132]) by exafix.addtrust.com with Microsoft SMTPSVC(5.0.2195.2966); Mon, 24 Sep 2001 10:04:54 +0200
Message-Id: <5.0.0.25.2.20010924094912.02c35b38@mail.addtrust.com>
X-Sender: sts@mail.addtrust.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Mon, 24 Sep 2001 10:05:02 +0200
To: Denis Pinkas <Denis.Pinkas@bull.net>
From: Stefan Santesson <stefan@addtrust.com>
Subject: Re: Logos: objection to charter revisions
Cc: "PKIX (E-mail)" <ietf-pkix@imc.org>
In-Reply-To: <3B973BAD.ACB38E34@bull.net>
References: <73388857A695D31197EF00508B08F29802D2588E@ntmsg0131.corpmail.telstra.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-OriginalArrivalTime: 24 Sep 2001 08:04:55.0297 (UTC) FILETIME=[98A53F10:01C144CF]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Denis,
As I catch up the logo discussion, I think your questions are pretty much
answered in the current draft.
In principle, there is no difference between the certificate types you
mention regarding logos. What the logos means to the relying party is up to
each relying party to define.
What is more important is that the different the logotypes have distinct
meanings.
1) Subject organization logotype: The logotype of the organization
specified in the subject field
2) Issuer Logotype: The logotype of the organization specified in the
issuer field
3) Concept logotype: A logotype used by the issuer to represent the concept
under which the certificate was issued.
The concept may represent a type of assurance level, policy or a family of
distinct services shared between multiple CAs.
The meaning of these logotypes are the same for any type of certificate,
but in general they are only used to enhance human recognition after the
certificate having passed all other validation criteria for certificate
reliance.
/Stefan
At 11:02 2001-09-06 +0200, Denis Pinkas wrote:
>After seeing all that discussion about logos, I realized that we had
>a solution (i.e. the draft writen by Stefan) for an unknown problem.
>
>1) Are logos to be used in server certificates ?
> If so, what would be their intended meaning ?
>
>2) Are logos to be used in human-user certificates ?
> If so, what would be their intended meaning ?
>
>3) Are logos to be used in CA certificates ?
> If so, what would be their intended meaning ?
>
>4) Are logos to be used in self-signed certificates ?
> If so, what would be their intented meaning ?
>
>I do not think that the meaning and the use of the logo information will
>necessarilly be the same for all of the above cases.
>
>If that topic is going to stay on the charter, before we define a solution
>we should first define the requirements. So an INFORMATIONAL RFC on the
>requirements should be the first step. This Informational RFC should at
>least answer to the questions raised above.
>
>Denis
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8K5W2w23840 for ietf-pkix-bks; Wed, 19 Sep 2001 22:32:02 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8K5W1D23836 for <ietf-pkix@imc.org>; Wed, 19 Sep 2001 22:32:01 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJY008014QJOT@ext-mail.valicert.com> for ietf-pkix@imc.org; Wed, 19 Sep 2001 22:32:43 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJY008TF4QIGZ@ext-mail.valicert.com>; Wed, 19 Sep 2001 22:32:42 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT36D6F>; Wed, 19 Sep 2001 22:25:02 -0700
Content-return: allowed
Date: Wed, 19 Sep 2001 22:24:54 -0700
From: Ryan Hurst <ryanh@valicert.com>
Subject: RE: Clarification of ServiceLocator in RFC 2560
To: "'andrews@adacel.com.au'" <andrews@adacel.com.au>, "Pkix (E-mail)" <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE379@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: multipart/alternative; boundary="Boundary_(ID_EEMvrFc5JSN0vkAR9fWCBw)"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
--Boundary_(ID_EEMvrFc5JSN0vkAR9fWCBw)
Content-type: text/plain
Andrew -
My answer is in-line:
-----Original Message-----
From: Andrew Sciberras [mailto:andrews@adacel.com.au]
Sent: Wednesday, September 19, 2001 9:25 PM
To: Pkix (E-mail)
Subject: Clarification of ServiceLocator in RFC 2560
Hi,
I have a query regarding the manner in which an OCSP Server should handle
the ServiceLocator extension as specified in RFC2560.
I would firstly like to point out section 3.2 of RFC 2560:
" Prior to accepting a signed response as being valid, OCSP clients SHALL
confirm that:
.......
3. The identity of the signer matches the intended recipient of the
request.
.....
"
I would interpret #3 to basically mean that if you send a request to a
particular OCSP Server that it must be the ocsp server that signs the
response.
Image the scenario when an ocsp server forwards the request to the location
stated in the ServiceLocator field.
Upon the external OCSP server processing the request it should return a
signed response regarding the certificate in question.
What should the original ocsp server do now?
- If it simply gives the client back the signed message, wouldn't the
client have to reject it as stated above in #3?
- Or, should the server perform all of the steps in 3.2 to ensure that
the signed response is valid, and then just resign it themselves and give
the newly signed copy to the Client?
<rmh>Both cases are in-fact valid, essentially it is a question to forward
or to proxy; a forward possibly makes sense in the case of an issuer
operating a public responder using a CA delegated responder
certificate.</rmh>
I would assume that the second statement, where the server authenticates and
resigns, is the method to use, however this was not clear to me from the
RFC.
Thanks,
Andrew Sciberras
Adacel Technologies Ltd
--Boundary_(ID_EEMvrFc5JSN0vkAR9fWCBw)
Content-type: text/html
Content-transfer-encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<meta name=3DProgId content=3DWord.Document>
<meta name=3DGenerator content=3D"Microsoft Word 10">
<meta name=3DOriginator content=3D"Microsoft Word 10">
<link rel=3DFile-List href=3D"cid:filelist.xml@01C1415A.9C38E140">
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"time"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"date"/>
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:GrammarState>Clean</w:GrammarState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:Compatibility>
<w:UseFELayout/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;
mso-font-alt:\5B8B\4F53;
mso-font-charset:134;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 135135232 16 0 262145 0;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:553679495 -2147483648 8 0 66047 0;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;
mso-font-charset:134;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 135135232 16 0 262145 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:SimSun;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;
text-underline:single;}
span.EmailStyle18
{mso-style-type:personal-reply;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:navy;}
span.SpellE
{mso-style-name:"";
mso-spl-e:yes;}
span.GramE
{mso-style-name:"";
mso-gram-e:yes;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
/* Style Definitions */=20
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]--><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor=3Dwhite lang=3DEN-US link=3Dblue vlink=3Dpurple =
style=3D'tab-interval:.5in'>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma'>Andrew -<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma'><span =
style=3D'mso-tab-count:1'> &nbs=
p; </span>My
answer is in-line:</span></font><font size=3D2 color=3Dnavy =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:navy'><o:p></o:p></spa=
n></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original =
Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b> Andrew Sciberras
[mailto:andrews@adacel.com.au<span class=3DGramE>] <br>
<b><span style=3D'font-weight:bold'>Sent</span></b></span><b><span
style=3D'font-weight:bold'>:</span></b> </span></font><st1:date =
Month=3D"9" Day=3D"19"
Year=3D"2001"><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;font-family:
Tahoma'>Wednesday, September 19, 2001</span></font></st1:date><font =
size=3D2
face=3DTahoma><span style=3D'font-size:10.0pt;font-family:Tahoma'> =
</span></font><st1:time
Hour=3D"21" Minute=3D"25"><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma'>9:25 PM</span></font></st1:time><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'><br>
<b><span style=3D'font-weight:bold'>To:</span></b> Pkix (E-mail)<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> Clarification =
of
ServiceLocator in RFC 2560</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'><o:p> </o:p></span></font></p>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Hi,</span></font><o:p></o:p=
></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>I have a query regarding =
the manner
in which an OCSP Server should handle the ServiceLocator extension as =
specified
in RFC2560. </span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>I would firstly like to =
point out
section 3.2 of RFC 2560:</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'>" </span></font><font =
size=3D2
face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>Prior =
to accepting
a signed response as being valid, OCSP clients SHALL confirm =
that:</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> =
</span></font><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>.......</span></font><o:p><=
/o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'> &nb=
sp;
3. The identity of the signer matches the intended recipient of the =
request.</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> =
</span></font><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>.....</span></font><o:p></o=
:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> "<o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'>I would interpret #3 to basically mean =
that if
you send a request to a particular OCSP Server that it must be the ocsp =
server
that signs the response.<o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Image the scenario when an =
ocsp
server forwards the request to the location stated in the =
ServiceLocator field.
</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Upon the external OCSP =
server
processing the request it should return a signed response regarding the
certificate in question.</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>What should the original =
ocsp server
do now?</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> </span></font><font =
size=3D2
face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>- If it =
simply
gives the client back the signed message, wouldn't the client have to =
reject it
as stated above in #3?</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> </span></font><font =
size=3D2
face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>- Or, =
should the
server perform all of the steps in 3.2 to ensure that the signed =
response is
valid, and then just resign it themselves and give the newly signed =
copy to the
Client?</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><<span =
class=3DSpellE>rmh</span>>Both
cases are in-fact valid, essentially it is a question to forward or to =
proxy; a
forward possibly makes sense in the case of an issuer operating a =
public
responder using a CA delegated responder certificate.</<span =
class=3DSpellE>rmh</span>><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>I would assume that the =
second
statement, where the server authenticates and resigns, is the method to =
use,
however this was not clear to me from the =
RFC.</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Thanks,</span></font><o:p><=
/o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><strong><b><font =
size=3D2 face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Andrew =
Sciberras</span></font></b></strong><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Adacel Technologies =
Ltd</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
</div>
</body>
</html>
--Boundary_(ID_EEMvrFc5JSN0vkAR9fWCBw)--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8K4OQO21955 for ietf-pkix-bks; Wed, 19 Sep 2001 21:24:26 -0700 (PDT)
Received: from arnie.adacel.com.au (arnie.adacel.com.au [203.36.26.147]) by above.proper.com (8.11.6/8.11.3) with SMTP id f8K4OFD21951 for <ietf-pkix@imc.org>; Wed, 19 Sep 2001 21:24:20 -0700 (PDT)
Received: (qmail 27131 invoked from network); 20 Sep 2001 04:31:54 -0000
Received: from shylock.adacel.com.au (HELO shylock) (203.8.85.11) by arnie.adacel.com.au with SMTP; 20 Sep 2001 04:31:54 -0000
Reply-To: <andrews@adacel.com.au>
From: "Andrew Sciberras" <andrews@adacel.com.au>
To: "Pkix \(E-mail\)" <ietf-pkix@imc.org>
Subject: Clarification of ServiceLocator in RFC 2560
Date: Thu, 20 Sep 2001 14:24:48 +1000
Message-ID: <024b01c1418c$2fb39650$0b5508cb@adacel.com.au>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_024C_01C141E0.015FA650"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2377.0
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This is a multi-part message in MIME format.
------=_NextPart_000_024C_01C141E0.015FA650
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Hi,
I have a query regarding the manner in which an OCSP Server should handle
the ServiceLocator extension as specified in RFC2560.
I would firstly like to point out section 3.2 of RFC 2560:
" Prior to accepting a signed response as being valid, OCSP clients SHALL
confirm that:
.......
3. The identity of the signer matches the intended recipient of the
request.
.....
"
I would interpret #3 to basically mean that if you send a request to a
particular OCSP Server that it must be the ocsp server that signs the
response.
Image the scenario when an ocsp server forwards the request to the location
stated in the ServiceLocator field.
Upon the external OCSP server processing the request it should return a
signed response regarding the certificate in question.
What should the original ocsp server do now?
- If it simply gives the client back the signed message, wouldn't the
client have to reject it as stated above in #3?
- Or, should the server perform all of the steps in 3.2 to ensure that
the signed response is valid, and then just resign it themselves and give
the newly signed copy to the Client?
I would assume that the second statement, where the server authenticates and
resigns, is the method to use, however this was not clear to me from the
RFC.
Thanks,
Andrew Sciberras
Adacel Technologies Ltd
------=_NextPart_000_024C_01C141E0.015FA650
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 5.50.4611.1300" name=3DGENERATOR></HEAD>
<BODY bgColor=3D#ffffff>
<DIV><SPAN class=3D234475003-20092001><FONT face=3DArial=20
size=3D2>Hi,</FONT></SPAN></DIV>
<DIV><SPAN class=3D234475003-20092001><FONT face=3DArial=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D234475003-20092001><FONT face=3DArial size=3D2>I have =
a query=20
regarding the manner in which an OCSP Server should handle the =
ServiceLocator=20
extension as specified in RFC2560. </FONT></SPAN></DIV>
<DIV><SPAN class=3D234475003-20092001><FONT face=3DArial size=3D2>I =
would firstly like=20
to point out section 3.2 of RFC 2560:</FONT></SPAN></DIV>
<DIV><SPAN class=3D234475003-20092001>" <FONT =
face=3DArial=20
size=3D2>Prior to accepting a signed response as being valid, OCSP =
clients SHALL=20
confirm that:</FONT></SPAN></DIV>
<DIV><SPAN =
class=3D234475003-20092001> =20
<FONT face=3DArial size=3D2>.......</FONT></SPAN></DIV>
<DIV><SPAN class=3D234475003-20092001><FONT face=3DArial=20
size=3D2> 3. The identity of =
the signer=20
matches the intended recipient of the request.</FONT></SPAN></DIV>
<DIV><SPAN =
class=3D234475003-20092001> =20
<FONT face=3DArial size=3D2>.....</FONT></SPAN></DIV>
<DIV><SPAN class=3D234475003-20092001> "</SPAN></DIV>
<DIV><SPAN class=3D234475003-20092001><FONT face=3DArial=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D234475003-20092001>I would interpret #3 to =
basically mean=20
that if you send a request to a particular OCSP Server that it must be =
the ocsp=20
server that signs the response.</SPAN></DIV>
<DIV><SPAN class=3D234475003-20092001></SPAN> </DIV>
<DIV><SPAN class=3D234475003-20092001><FONT face=3DArial size=3D2>Image =
the scenario=20
when an ocsp server forwards the request to the location stated in the=20
ServiceLocator field. </FONT></SPAN></DIV>
<DIV><SPAN class=3D234475003-20092001><FONT face=3DArial size=3D2>Upon =
the external=20
OCSP server processing the request it should return a signed response =
regarding=20
the certificate in question.</FONT></SPAN></DIV>
<DIV><SPAN class=3D234475003-20092001><FONT face=3DArial size=3D2>What =
should the=20
original ocsp server do now?</FONT></SPAN></DIV>
<DIV><SPAN class=3D234475003-20092001> <FONT =
face=3DArial size=3D2>-=20
If it simply gives the client back the signed message, wouldn't the =
client have=20
to reject it as stated above in #3?</FONT></SPAN></DIV>
<DIV><SPAN class=3D234475003-20092001> <FONT =
face=3DArial size=3D2>-=20
Or, should the server perform all of the steps in 3.2 to ensure that the =
signed=20
response is valid, and then just resign it themselves and give the newly =
signed=20
copy to the Client?</FONT></SPAN></DIV>
<DIV><SPAN class=3D234475003-20092001><FONT face=3DArial=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D234475003-20092001><FONT face=3DArial size=3D2>I =
would assume that=20
the second statement, where the server authenticates and resigns, is the =
method=20
to use, however this was not clear to me from the =
RFC.</FONT></SPAN></DIV>
<DIV><SPAN class=3D234475003-20092001><FONT face=3DArial=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D234475003-20092001><FONT face=3DArial=20
size=3D2>Thanks,</FONT></SPAN></DIV>
<DIV><FONT face=3DArial size=3D2><STRONG>Andrew =
Sciberras</STRONG></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Adacel Technologies Ltd</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV></BODY></HTML>
------=_NextPart_000_024C_01C141E0.015FA650--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8IFvIS15159 for ietf-pkix-bks; Tue, 18 Sep 2001 08:57:18 -0700 (PDT)
Received: from wfhqex05.gfgsi.com (netva01.getronicsgov.com [206.137.100.2]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8IFvFD15144; Tue, 18 Sep 2001 08:57:17 -0700 (PDT)
Received: by wfhqex05.gfgsi.com with Internet Mail Service (5.5.2653.19) id <R052YHX0>; Tue, 18 Sep 2001 11:57:20 -0400
Message-ID: <0B95FB5619B3D411817E006008A59259B51B9B@wfhqex06.gfgsi.com>
From: "Pawling, John" <John.Pawling@GetronicsGov.com>
To: "Pawling, John" <John.Pawling@GetronicsGov.com>
Subject: v1.9.3 Certificate Management Library (CML) Now Available
Date: Tue, 18 Sep 2001 11:57:11 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Getronics Government Solutions has delivered the Version 1.9.3
Certificate Management Library (CML) for Microsoft Windows,
Sun Solaris and Linux. The v1.9.3 CML is freely available
to everyone from the Getronics CML web page at:
<http://www.getronicsgov.com/hot/cml_home.htm>.
This release fixes bugs present in previous CML releases.
Applications requiring Public Key Infrastructure (PKI) security
services can use the CML to meet their X.509 certificate and
Certificate Revocation List (CRL) processing requirements.
The v1.9.3 CML is described in the v1.9 CML Application Programming
Interface (API) document. It implements the 2000 X.509 Recommendation
certification path processing rules and SDN.706 profile. It meets
the majority of the IETF PKIX RFC 2459 Certificate/CRL Profile
requirements. There are some unsupported features such as
Delta CRLs. It Abstract Syntax Notation One (ASN.1) decodes X.509
Certificates and CRLs. The v1.9.3 CML requires the v1.3 R6 Enhanced
SNACC ASN.1 software that is freely available from:
<http://www.getronicsgov.com/hot/snacc_home.htm>.
The CML uses the accompanying Storage and Retrieval Library (SRL)
(optionally) to provide local certificate and CRL storage management
functions. The SRL (optionally) provides remote directory retrieval
capabilities using the Lightweight Directory Access Protocol (LDAP).
The CML uses path building software based on the v2.0 Certificate
Path Development Library (CPDL) developed by CygnaCom Solutions,
a division of Entrust, to provide robust certification path
building capabilities such as using cross certificates.
The CML has been thoroughly tested including validating X.509
Certificates and CRLs created by a variety of Certification
Authority (CA) products, and signed using the Digital Signature
Algorithm (DSA) and RSA algorithms. Further enhancements,
ports and testing of the CML are still in process. Further
releases of the CML will be provided as significant
capabilities are added.
The following enhancements are included in the v1.9.3 CML release
(compared with the v1.9.2 release):
1. Fixed linked list bugs in loadDSAparameters() function in
CM_Cache.cpp source file that caused CML_CreateSession to
fail to return when adding multiple trusted certificates to
the SRL.
2. Fixed bug in CMU_DSAEncodePQGparms() function in CM_encode.cpp
source file in which it was using the AsnInt class for the
DSA P, Q and G parameters instead of using the CSM_BigIntegerStr
class. This caused the DSA parameters to be improperly encoded
which (in some cases) caused the Crypto Token Interface Library
(CTIL) to return an error (ex: MSB is 1) indicating that the
DSA parameters were not encoded as valid unsigned ASN.1 INTEGER
values.
The following v1.9.3 CML files are available from the Getronics CML
web page:
1) Windows_CML_Lib_v1.9.3.ZIP: MS Windows Dynamically Linked Libraries
2) Windows_CM_Tool_v1.9.3.ZIP: CM_Tool executable
3) Solaris_CML_Lib_v1.9.3.tar.Z: Sun Solaris Libraries
4) Solaris_CM_Tool_v1.9.3.tar.z: CM_Tool for Solaris
5) Linux_CML_Lib_v1.9.3.tar.Z: Linux Libraries
6) Linux_CM_Tool_v1.9.3.tar.z: CM_Tool for Linux
7) CML_source_v1.9.3.tar.Z: Source, including Windows project files
8) CMAPI_data.tar.Z: Test Certs and CRLs used to test CML
The v1.9 CML API document (CMv1.9api.doc, CMv1.9api.pdf), v1.9 SRL API
document (SRLv1.9api.doc, SRLv1.9api.pdf), and v1.9.3 CML readme file
are also available from the Getronics CML web page.
All source code for the CML is being provided at no cost and with no
financial limitations regarding its use and distribution. Organizations
can use the CML without paying any royalties or licensing fees. The
CML was originally developed by the U.S. Government. Getronics is
enhancing and supporting the CML under contract to the U.S. Government.
The U.S. Government is furnishing the CML software at no cost to the
vendor subject to the conditions of the CML Public License provided
with the CML software.
The CML makes calls to an algorithm-independent Crypto Token Interface
Library (CTIL) API. The CTIL architecture enables the CML to be used
with a variety of crypto libraries and tokens. The v1.9.3 CML uses the
v1.3 R6 Enhanced SNACC ASN.1 C Library to encode and decode objects.
Getronics has successfully tested the v1.9.3 CML with the SNACC and
CTIL libraries delivered with the v1.10 S/MIME Freeware Library (SFL).
Source code for the Getronics-developed CTILs is available from
<http://www.getronicsgov.com/hot/sfl_home.htm>. The actual crypto
libraries are not provided with the CML or SFL. They must be
independently obtained from the appropriate source.
The v1.9.3 CML uses path building software based on the v2.0 CPDL
to successfully meet all of the requirements of the Bridge
Certification Authority Demonstration Phase II that includes cross-
certified Entrust, Spyrus, Baltimore, and Motorola v3 certificate
domains. The CML_source.tar.Z file includes the Getronics-enhanced
CPDL source code and public license. More info regarding the CPDL
is available from: <http://www.cygnacom.com/products/index.htm>.
The National Institute of Standards and Technology (NIST) is
providing a standard test suite of X.509 certificate paths
<http://csrc.nist.gov/pki/testing/x509paths.html> that can be
used for testing applications against RFC 2459. The CML was
used to successfully process the NIST test data.
NIST is using the CML and SFL as part of the NIST S/MIME Test
Facility (NSMTF) that they are planning to host (see
<http://csrc.ncsl.nist.gov/pki/smime/>). Organizations will
be able to use the NSMTF to help determine if their products
comply with the IETF S/MIME v3 specifications and the Federal
S/MIME v3 Clent Profile.
The Internet Mail Consortium (IMC) has established a CML web page
<http://www.imc.org/imc-cml> and a CML mail list which is used to:
distribute information regarding CML releases; discuss CML-related
issues; and allow CML users to provide feedback, comments, bug
reports, etc. Subscription information for the imc-cml mailing list
is at the IMC web site listed above.
All comments regarding the CML source code and documents are welcome.
This CML release announcement was sent to several mail lists, but
please send all messages regarding the CML to the imc-cml mail list
ONLY. Please do not send messages regarding the CML to any of the IETF
mail lists. We will respond to all messages sent to the imc-cml mail
list.
===========================================
John Pawling, John.Pawling@GetronicsGov.com
Getronics Government Solutions, LLC
===========================================
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8I7L9n00495 for ietf-pkix-bks; Tue, 18 Sep 2001 00:21:09 -0700 (PDT)
Received: from mail.ca (ip6.certicom.com [209.121.99.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8I7L7D00486 for <ietf-pkix@imc.org>; Tue, 18 Sep 2001 00:21:08 -0700 (PDT)
Received: from smtpmail.certicom.com (smtpmail [10.0.1.25]) by mail.ca (8.9.3/8.9.3) with SMTP id DAA27343; Tue, 18 Sep 2001 03:13:45 -0400 (EDT)
Received: by smtpmail.certicom.com(Lotus SMTP MTA v4.6.4 (830.2 3-23-1999)) id 85256ACB.002850DB ; Tue, 18 Sep 2001 03:20:21 -0400
X-Lotus-FromDomain: CERTICOM
From: "Amit Kapoor" <akapoor@certicom.com>
To: Magnus Nystr=?iso-8859-1?Q?=F6m?= <magnus@dynas.se>
cc: ietf-pkix@imc.org, "Richards, Gareth" <GRichards@rsasecurity.com>
Message-ID: <85256ACB.00284F51.00@smtpmail.certicom.com>
Date: Mon, 17 Sep 2001 23:57:08 -0700
Subject: Re: Polling in CMP
Mime-Version: 1.0
Content-type: multipart/mixed; Boundary="0__=kFoRPgb4asWjUFXG3ePhC51ARqqs34Gf90OdA3Iq7FMcbueL69EYE8lf"
Content-Disposition: inline
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
--0__=kFoRPgb4asWjUFXG3ePhC51ARqqs34Gf90OdA3Iq7FMcbueL69EYE8lf
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
Hi Magnus, Gareth,
A quick glance seems the proposal is inline with the original discussion.
However,
I would like to expand the scope of polling a little bit. One of the other
problems
we have been dealing with is that issuance of certificates sometimes
require
a back and forth question & answer session between the end entity and the
server
for identity authentication. The current interoperable subset of the CMP
protocol assumes
(a) all the information needed by the server is in the original request or
(b) the server
does out of band verification if information needed is not sufficient.
I believe this requirement is generic enough to require interoperable
support
and should go into the CMP protocol. Based on the use of the proposed CMP
poll request & response, it looks like a good choice. Would like to hear
your
thoughts......
regards
Amit
Magnus Nystrom <magnus@rsasecurity.com> on 09/06/2001 07:19:28 AM
Please respond to Magnus Nystr
--0__=kFoRPgb4asWjUFXG3ePhC51ARqqs34Gf90OdA3Iq7FMcbueL69EYE8lf
Content-type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-transfer-encoding: quoted-printable
=F6m <magnus@dynas.se>
To: ietf-pkix@imc.org
cc: "Richards, Gareth" <GRichards@rsasecurity.com> (bcc: Amit Kapoor/=
Certicom)
Subject: Polling in CMP
=
--0__=kFoRPgb4asWjUFXG3ePhC51ARqqs34Gf90OdA3Iq7FMcbueL69EYE8lf
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
All,
Going back to a topic discussed earlier this year, and after
discussions with various individuals at the recent IETF in London, we
would like to propose the attached simple extension to CMP to handle
polling. The reason for this proposal is as stated previously - we
feel that a protocol which specifies a "wait - come back later"
server status also should specify how a client should poll the server,
rather than deferring this to transport protocols.
Assume that the CMP enrollment is taking place in a browser script and
the browser may be terminated before the polling is complete. Then a
way of saving state and continuing the polling at a later date is
needed. If the polling is done in CMP then this is possible by
reissuing the request or whatever but if it is done by the transport
layer then it does not seem clear how this is going to be done.
Thanks to Amit Kapoor for the original proposal regarding these
messages.
BR,
-- Magnus
Magnus Nystrom
RSA Security
--------------------------------------------------------------------------
pollReq [25] PollReqContent
pollRep [26] PollRepContent
PollRepContent ::= SEQUENCE OF SEQUENCE {
certReqId INTEGER,
checkAfter INTEGER, -- time in seconds
reason [0] PKIFreeText OPTIONAL
}
PollReqContent ::= SEQUENCE OF SEQUENCE {
certReqId INTEGER
}
1. It is assumed that multiple certConf messages can be sent during
the transaction. There will be one sent in response to each ip, cp or kup
containing a CertStatus for each approved certificate. If a
single certConf must be sent for the transaction then it is possible that the
confirmWaitTime (rfc2510bis section 3.1.1.2) of the first certificate will have
expired before the second cert pickup has take place.
2. In response to an ip, cp or kup message, an EE will send a certConf for all
approved certificates and following the ack, a pollReq for all pending
certificates.
2. In respose to a pollReq, a CA/RA will return a ip, cp or kup if one or more
of the pending certificates is ready otherwise it will return a pollRep.
3. If the EE receives a pollRep in return, it will wait for at least the lowest
checkAfter value before sending another pollReq.
4. If an ip, cp or kup is received in reply to a pollReq then it will be treated
in
the same way as the initial response.
Start
|
|
\/
Send ir
|
| ip
|
\/
Check status
of of returned
<----------------------------------|
certs.
|
|
|
|----------------------------->|<-----------------------|
|
| | |
|
| \/ |
|
approved waiting
|
Add to conf list <---------- Check CertResponse --------> Add to pending list
|
/\
|
conf list / \Empty conf list
|
/ \ ip
|
/ \
--------------------------------|
Empty pending / \ |
list / \ | pRep
End <--------- Send certConf Send pReq-------------- Wait
| /\ /\ |
| | | |
------------------- -------------------
Pending list Wait
In the following exchange, the end entity is enroling for two certificates in
one request.
Step End Entity PKI
-------------------------------------------------------------------
1 Format ir
2 -> ir ->
3 Handle ir
4 Manual intervention is
required for both certs.
5 <- ip <-
6 Process ip
7 Format pReq
8 -> pReq ->
9 Check status of certificate requests
10 Certificates not ready
11 Format pRep
12 <- pRep <-
13 Wait
14 Format pReq
15 -> pReq ->
16 Check status of certificate requests
17 One certificate is ready
18 Format ip
19 <- ip <-
20 Handle ip
21 Format certConf
22 -> certConf ->
23 Handle certConf
24 Format ack
25 <- pkiConf <-
26 Format pReq
27 -> pReq ->
28 Check status of certificate
29 Certificate is ready
30 Format ip
31 <- ip <-
31 Handle ip
32 Format certConf
33 -> certConf ->
34 Handle certConf
35 Format ack
36 <- pkiConf <-
--0__=kFoRPgb4asWjUFXG3ePhC51ARqqs34Gf90OdA3Iq7FMcbueL69EYE8lf--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8HETll17943 for ietf-pkix-bks; Mon, 17 Sep 2001 07:29:47 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8HETkD17938 for <ietf-pkix@imc.org>; Mon, 17 Sep 2001 07:29:46 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJT00D019MPBL@ext-mail.valicert.com> for ietf-pkix@imc.org; Mon, 17 Sep 2001 07:30:25 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJT00D5H9MO3B@ext-mail.valicert.com>; Mon, 17 Sep 2001 07:30:24 -0700 (PDT)
Received: from beethoven (192.168.51.206 [192.168.51.206]) by polaris.valicert.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id SMT35NDB; Mon, 17 Sep 2001 07:22:42 -0700
Date: Mon, 17 Sep 2001 10:29:28 -0400
From: John Thielens <johnt@valicert.com>
Subject: Re: Clarification request on RFC 2560
To: Margus Freudenthal <margus@cyber.ee>, "Pkix (E-mail)" <ietf-pkix@imc.org>
Message-id: <003401c13f85$2b7f2e40$9d64a8c0@beethoven>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
Content-type: text/plain; charset="iso-8859-1"
X-Priority: 3
X-MSMail-priority: Normal
References: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE2F0@exchange.valicert.com> <3BA1E351.B51B1385@celocom.com> <3BA219B0.6E8BF728@zolera.com> <200109141554.f8EFsXM21478@stingray.missi.ncsc.mil> <3BA235AA.F2BD91E1@bull.net> <00c001c13d47$fff9ae10$64fea8c0@beethoven> <3BA5B16D.83BB2F94@cyber.ee>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id f8HETkD17939
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Margus:
> If the client can not count on something, this feature is not very
> useful. In this case, the client must still implement functionality for
> retrieving certificates needed for verification of the OCSP response
> (this is a MUST, because I can't rely on the OCSP response itself).
> Retrieving certificates from the OCSP response itself means that the
> client developer must do additional work in hope that some OCSP
> responder will put something useful in the response.
>
> I would suggest explicitly stating the assumptions that the client can
> make about the content of the certs field, and if these assumptions
> consist of an empty set, removing this field as it only complicates
> things without providing any measurable value.
Part of this depends on the trust model between the client and the server. If there were no certs in the request, this would require the server to have foreknowledge of the requester's certificate, indexed by its name (requestorName). By allowing the requester to supply certs, presumably a cert chain up to but not including some trust root expected at the server, this makes the protocol more flexible.
Ditto for the certs in the response from the server. This is very common practice and appears in protocols like SSL/TLS, CMS (S/MIME), and so on.
The reason I say the entity using the certs MUST NOT count on any particular meaning to the order or presence of the certs is because normal path discovery and path validation rules apply here per 2459 (sec. 6.1 -- although this is somewhat thin on discovery). Before path validation, the client counts on nothing. But after path validation, the client knows exactly what to trust.
John
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8H988A29791 for ietf-pkix-bks; Mon, 17 Sep 2001 02:08:08 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8H986D29787 for <ietf-pkix@imc.org>; Mon, 17 Sep 2001 02:08:06 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id LAA33410; Mon, 17 Sep 2001 11:10:16 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id LAA05362; Mon, 17 Sep 2001 11:07:32 +0200
Message-ID: <3BA5BD5B.5EEB45EE@bull.net>
Date: Mon, 17 Sep 2001 11:07:39 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: Margus Freudenthal <margus@cyber.ee>
CC: "Pkix (E-mail)" <ietf-pkix@imc.org>
Subject: Re: Clarification request on RFC 2560
References: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE2F0@exchange.valicert.com> <3BA1E351.B51B1385@celocom.com> <3BA219B0.6E8BF728@zolera.com> <200109141554.f8EFsXM21478@stingray.missi.ncsc.mil> <3BA235AA.F2BD91E1@bull.net> <00c001c13d47$fff9ae10$64fea8c0@beethoven> <3BA5B16D.83BB2F94@cyber.ee>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Margus,
> John Thielens wrote:
> > > 4) a sequence (chain) of (possibly) "useful" X.509 certificates ?
> > I believe #4 is the correct answer (I have seen enough variation
> > in the ordering to preclude #1 and #2 -- perhaps this is why CMS
> > uses SET OF instead of SEQUENCE OF, although it also commits the
> > sin of OPTIONAL without SIZE (1..MAX)). #4 puts the onus squarely
> > on the relying party's shoulders to assess the applicability of
> > the certificates to substantiate the signature. Of course, the
> > server SHOULD only put in useful certs, but the client MUST NOT
> > count on it.
> If the client can not count on something, this feature is not very
> useful.
In the ASN1 syntax that field is OPTIONAL. So the client cannot assume
that he will always be present, ... unless we write a profile of that
document where we make that field mandatory.
Denis
> In this case, the client must still implement functionality for
> retrieving certificates needed for verification of the OCSP response
> (this is a MUST, because I can't rely on the OCSP response itself).
> Retrieving certificates from the OCSP response itself means that the
> client developer must do additional work in hope that some OCSP
> responder will put something useful in the response.
>
> I would suggest explicitly stating the assumptions that the client can
> make about the content of the certs field, and if these assumptions
> consist of an empty set, removing this field as it only complicates
> things without providing any measurable value.
>
> --
> Margus
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8H8EdH24180 for ietf-pkix-bks; Mon, 17 Sep 2001 01:14:39 -0700 (PDT)
Received: from atsgw.cyber.ee (atsgw.cyber.ee [195.50.202.13]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8H8EZD24175 for <ietf-pkix@imc.org>; Mon, 17 Sep 2001 01:14:35 -0700 (PDT)
Received: Message by Barricade atsgw.cyber.ee with ESMTP id f8H8EMd26270 for <ietf-pkix@imc.org>; Mon, 17 Sep 2001 10:14:22 +0200
Message-ID: <3BA5B16D.83BB2F94@cyber.ee>
Date: Mon, 17 Sep 2001 10:16:45 +0200
From: Margus Freudenthal <margus@cyber.ee>
X-Mailer: Mozilla 4.77 [en] (WinNT; U)
X-Accept-Language: ee,et,en
MIME-Version: 1.0
To: "Pkix (E-mail)" <ietf-pkix@imc.org>
Subject: Re: Clarification request on RFC 2560
References: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE2F0@exchange.valicert.com> <3BA1E351.B51B1385@celocom.com> <3BA219B0.6E8BF728@zolera.com> <200109141554.f8EFsXM21478@stingray.missi.ncsc.mil> <3BA235AA.F2BD91E1@bull.net> <00c001c13d47$fff9ae10$64fea8c0@beethoven>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-info: Headers changed by Barricade
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
John Thielens wrote:
>
> > 4) a sequence (chain) of (possibly) "useful" X.509 certificates ?
>
> I believe #4 is the correct answer (I have seen enough variation in the ordering to preclude #1 and #2 -- perhaps this is why CMS uses SET OF instead of SEQUENCE OF, although it also commits the sin of OPTIONAL without SIZE (1..MAX)). #4 puts the onus squarely on the relying party's shoulders to assess the applicability of the certificates to substantiate the signature. Of course, the server SHOULD only put in useful certs, but the client MUST NOT count on it.
>
If the client can not count on something, this feature is not very
useful. In this case, the client must still implement functionality for
retrieving certificates needed for verification of the OCSP response
(this is a MUST, because I can't rely on the OCSP response itself).
Retrieving certificates from the OCSP response itself means that the
client developer must do additional work in hope that some OCSP
responder will put something useful in the response.
I would suggest explicitly stating the assumptions that the client can
make about the content of the certs field, and if these assumptions
consist of an empty set, removing this field as it only complicates
things without providing any measurable value.
--
Margus
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8F0YRI20194 for ietf-pkix-bks; Fri, 14 Sep 2001 17:34:27 -0700 (PDT)
Received: from mtiwmhc25.worldnet.att.net (mtiwmhc25.worldnet.att.net [204.127.131.50]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8F0YPD20190 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 17:34:25 -0700 (PDT)
Received: from tsg1 ([12.81.87.211]) by mtiwmhc25.worldnet.att.net (InterMail vM.4.01.03.16 201-229-121-116-20010115) with SMTP id <20010915003423.FAAL28026.mtiwmhc25.worldnet.att.net@tsg1>; Sat, 15 Sep 2001 00:34:23 +0000
Message-ID: <051c01c13d7e$20700370$020aff0c@tsg1>
From: "todd glassey" <todd.glassey@worldnet.att.net>
To: <agregorio@acm.org>, <ietf-pkix@imc.org>
References: <20010913143001.A15814@server.speedcom.it>
Subject: Re: Untrusting a Trusted Third Party: TSA.
Date: Fri, 14 Sep 2001 17:32:16 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.3018.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Alfonso - The instant of trust for the issuance of the time stamping token
happens when
the token is verified. At this instant the TSA can easily return a
commentary to the questioning client that its clocks drifted xy and z amount
and as such the relying party can take the testimony of the TSA as being
that the actual time the incident happened was XY and Z + drift_value.
There is nothing anywhere that says that the TST itself is the testimony of
the TSA, just the token to prove that some TS was actually issued - i.e its
a receipt and not a very good one. This is an important concept and is
crucial to many many use models.
Todd
----- Original Message -----
From: "Alfonso De Gregorio" <agregorio@acm.org>
To: <ietf-pkix@imc.org>
Sent: Thursday, September 13, 2001 5:30 AM
Subject: Untrusting a Trusted Third Party: TSA.
>
> Hi Everyone,
>
> The following consideration is quite obvious; however, it's intriguing
> to see how the TSP allows a user to perform a simple test against a
> TSA that he doesn't trust anymore.
>
> Assume a user is afraid that a TSA is issuing time-stamp tokens while
> not in synchronization with UTC; after all if a TSA use a trustworthy
> source of time and include a trustworthy time value for each time-stamp
> token is not necessarily ensuring that the clock doesn't drift outside
> the declared accuracy (this is addressed in ETSI - STF 178-T1 draft H).
>
> The test
> The ordering of time-stamp tokens issued by different TSAs is only
> possible when the _absolute value_ (*) of the difference between the
> genTime of the first time-stamp token and the genTime of the second
> time-stamp token is greater than the sum of the accuracies of the
> genTime for each time-stamp token.
>
> *) partially contrarywise to what is asserted in section 2.4.2 of rfc3161.
>
> TSA-1: the tsa not trusted anymore by alice
> TSA-2..TSA-3: tsa still trusted by alice
>
> 1. Alice send a TimeStampReq to TSA-1 (TSA1Req) where
> TimeStampReq.messageImprint is simply an hash of a document kept
> secret (Alice_doc);
> 2. Upon receiving the response (TSA1Response), Alice hash the received
> time-stamp token ( hash(TSA1Response) ) and send as quickly as possible
> a time-stamp request to TSA2 (TSA2Req), where
> TimeStampReq.messageImprint is hash(TSA1Response);
> 3. if the absolute value of the difference of the first time-stamp token
> and the genTime of the second time-stamp token ( abs(x) ) is greater
> than the sum of the accuracies of the genTime for each time-stamp
> token, Alice can order the two tokens; but for a positive value of
> the difference we have a consistent chain of time-stamp
> request/response, and for a negative a contradictory result.
>
> x = TSA2Response.genTime - TSA1Response.genTime;
> while abs( x ) > (TSA2Response.accuracy + TSA1Response.accuracy)
> if x > 0 --> TSA2Resoponse follows TSA1Response
> if x < 0 --> TSA2Response is _antecedents_ to TSA1Response
>
> Alice can prove the opposite showing the chained sequence of time-stamp
> requests:
> a. Alice_doc
> b. TSA1Response.TSTInfo.messageImprint = hash(Alice_doc)
> c. TSA2Response.TSTInfo.messageImprint(hash(TSA1Response))
>
>
> Sincerely,
> alfonso
>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8F0YGY20186 for ietf-pkix-bks; Fri, 14 Sep 2001 17:34:16 -0700 (PDT)
Received: from mtiwmhc25.worldnet.att.net (mtiwmhc25.worldnet.att.net [204.127.131.50]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8F0YED20182 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 17:34:14 -0700 (PDT)
Received: from tsg1 ([12.81.87.211]) by mtiwmhc25.worldnet.att.net (InterMail vM.4.01.03.16 201-229-121-116-20010115) with SMTP id <20010915003411.EZXN28026.mtiwmhc25.worldnet.att.net@tsg1>; Sat, 15 Sep 2001 00:34:11 +0000
Message-ID: <051701c13d7e$1956ff30$020aff0c@tsg1>
From: "todd glassey" <todd.glassey@worldnet.att.net>
To: "Cristian Marinescu" <cristian.marinescu@omicron.at>, <libel@paris.md>
Cc: <ietf-pkix@imc.org>
References: <01Sep13.162944gmt+0200.29577@gw.omicron.at>
Subject: Re: Question about TSP (rfc 3161)
Date: Fri, 14 Sep 2001 17:31:35 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.3018.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
----- Original Message -----
From: "Cristian Marinescu" <cristian.marinescu@omicron.at>
To: <libel@paris.md>
Cc: <ietf-pkix@imc.org>
Sent: Thursday, September 13, 2001 7:27 AM
Subject: RE: Question about TSP (rfc 3161)
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I agree, there is in practice (at least for the moment,
> when everyone is trying to put a TSA together, more or less
> draft compliant), no reason for having such flags.
>
> But, it is also not stupid.
> Let's imagine that some day the TSP will be really used
> by everyone. :)
For what purpose??? This is the issue, as it has always been Cristian. What
kind of use model would you have this TSA used for?
Personally I can't think of anything that I would want to use this TSP for.
If I need digital testimony between two or more parties that is keenly
established by some Human's testimon, as is the testimony of this TSA, then
why not cut the overhead of running the TSA out of the picture and just
continue to do things the way they are now. Its much less expensive and has
the exact same legal stature in a court. This is now and has always been the
problem with this TSP.
The real use of a TSP is for the creation of an evidentiary token to
memorialize the receipt of some event that was witnessed by a TTP (The TSA).
The Token is the receipt for the trust process, not the process itself and
so... with that said - Why would I want to use this TSP? What does it do for
me as a technology? It allows me to verify signatures in time... OK but I
can do that inside a PKI enhanced application without the overhead of some
protocol that only creates a postage stamp when what I really want is a
grocery receipt.
This is why the mandating of the inclusion of a Use Model is so critical
since now there is this rush to push this particular protocol into legal
standing as part of the EU's operating policy. Trying to create a necessity
to use a protocol by law is ludicrous and speaks well of everyone involved
eh? - NOT
Again in closing - What use models/process did you have in mind?
Todd Glassey
> Hard to imagine, but let's try.
> This will rise the problem of DOS attack, and some
> people, (as I have done myself) will implement the TSA
> and limit the number of parallel requests (and let's understand
> by this the number of spawn processes, or threads) to a fix number. So
> they will
> just return an error back. This is actually not a nice thing
> to do. And I presume, people there, writing the draft,
> tried to be nice: well, if I get a request, but,
> I don't have time to give a response right away, because
> I am busy, let's store the request and tell the person to try
> again sometimes later.
> Perhaps there is also the possibility
> that your clock is at that moment not available, (I would
> like to believe that there will be TSA's out there that won't read
> the time from the local system, like I do at the moment...) or maybe
> some
> other resource... how could I know?? :)
> In any case you have to take cautions about the overflooding with
> requests (or even pending requests, that havn't been answered yet)
>
> Well, at least this is the reason I can imagine. Perhaps
> there are also some other (dark!) reasons, but I would like
> to hear/read about them from the TSP gurus. :))
>
> Kindly regards,
> Cristian
>
>
> > -----Original Message-----
> > From: libel@paris.md [mailto:libel@paris.md]
> > Sent: Mittwoch, 12. September 2001 10:19
> > To: ietf-pkix@imc.org
> > Subject: Question about TSP (rfc 3161)
> >
> >
> >
> > Hi,
> >
> >
> > I would like to know what are the reasons for introducing the
> > flags "pollReq",
> > "pollResp" and "negPollRep" in the socket based protocol
> > (section 3.3).
> >
> >
> > It would mean that a tsa server can divide the der code he
> > calculated for the
> > response. But why would it do that?
> >
> >
> > Thanks
> >
> >
> > Libel
> >
> >
> > --
> > Get your firstname@lastname email for FREE at
> http://Nameplanet.com/?su
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.0.2i
>
> iQA/AwUBO6C0P8V5iyNCxCiSEQL9aQCg/DF+dzS6QV+dLFvVV6HTNTF3xvgAoOaZ
> GSkggGhyqVBA6fFIRTnn+4bu
> =FFSm
> -----END PGP SIGNATURE-----
>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8EMfRB18779 for ietf-pkix-bks; Fri, 14 Sep 2001 15:41:27 -0700 (PDT)
Received: from zolera.com (IDENT:root@[63.142.188.177]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EMfPD18775 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 15:41:25 -0700 (PDT)
Received: from zolera.com (pool-141-154-54-191.bos.east.verizon.net [141.154.54.191]) by zolera.com (8.11.0/8.11.0) with ESMTP id f8EMfra23757; Fri, 14 Sep 2001 18:41:53 -0400
Message-ID: <3BA287B5.65755F33@zolera.com>
Date: Fri, 14 Sep 2001 18:41:57 -0400
From: Rich Salz <rsalz@zolera.com>
X-Mailer: Mozilla 4.73 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: EKR <ekr@rtfm.com>
CC: "David P. Kemp" <dpkemp@missi.ncsc.mil>, "Pkix (E-mail)" <ietf-pkix@imc.org>
Subject: Re: Clarification request on RFC 2560
References: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE2F0@exchange.valicert.com> <3BA1E351.B51B1385@celocom.com> <3BA219B0.6E8BF728@zolera.com> <200109141554.f8EFsXM21478@stingray.missi.ncsc.mil> <3BA257E1.95281AB4@zolera.com> <kjheu54e7p.fsf@romeo.rtfm.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Off-list discussion, Eric clarified my incorrect memory allocation. TLS
does allow the *server* to send a list of known CA's, not the client.
But I still don't understand this part of David's note:
> > > those PKI programs,
> > > such as S/MIME, whose specifications are not so short sighted as to forbid it?
/r$
--
Zolera Systems, Securing web services (XML, SOAP, Signatures,
Encryption)
http://www.zolera.com
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8EM2Aj18381 for ietf-pkix-bks; Fri, 14 Sep 2001 15:02:10 -0700 (PDT)
Received: from romeo.rtfm.com ([198.144.203.242]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EM28D18377 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 15:02:08 -0700 (PDT)
Received: (from ekr@localhost) by romeo.rtfm.com (8.11.3/8.11.1) id f8EM9E240618; Fri, 14 Sep 2001 15:09:14 -0700 (PDT) (envelope-from ekr)
To: Rich Salz <rsalz@zolera.com>
Cc: "David P. Kemp" <dpkemp@missi.ncsc.mil>, "Pkix (E-mail)" <ietf-pkix@imc.org>
Subject: Re: Clarification request on RFC 2560
References: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE2F0@exchange.valicert.com> <3BA1E351.B51B1385@celocom.com> <3BA219B0.6E8BF728@zolera.com> <200109141554.f8EFsXM21478@stingray.missi.ncsc.mil> <3BA257E1.95281AB4@zolera.com>
Reply-to: EKR <ekr@rtfm.com>
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
From: Eric Rescorla <ekr@rtfm.com>
Date: 14 Sep 2001 15:09:14 -0700
In-Reply-To: Rich Salz's message of "Fri, 14 Sep 2001 15:17:53 -0400"
Message-ID: <kjheu54e7p.fsf@romeo.rtfm.com>
Lines: 13
X-Mailer: Gnus v5.6.45/XEmacs 20.4 - "Emerald"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Rich Salz <rsalz@zolera.com> writes:
> > Is that 99.9999% of all PKI programs (i.e. SSL clients, which are forbidden
> > from handling cross-certification*), or 99.9999% of those PKI programs,
> > such as S/MIME, whose specifications are not so short sighted as to forbid it?
>
> With a claim like 99.9999% you want me to be specific?
>
> I'm having trouble parsing that last line of yours. Doesn't TLS allow
> the client to send a "known CA" list?
No--though there is some discussion of adding an extension for that purpose.
-Ekr
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8EJIXo15408 for ietf-pkix-bks; Fri, 14 Sep 2001 12:18:33 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EJIVD15402 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 12:18:31 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJO00501304XW@ext-mail.valicert.com> for ietf-pkix@imc.org; Fri, 14 Sep 2001 12:19:16 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJO005KN30384@ext-mail.valicert.com>; Fri, 14 Sep 2001 12:19:15 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT352D1>; Fri, 14 Sep 2001 12:11:49 -0700
Content-return: allowed
Date: Fri, 14 Sep 2001 12:11:40 -0700
From: Ryan Hurst <ryanh@valicert.com>
Subject: RE: Clarification request on RFC 2560
To: "'Dr S N Henson'" <drh@celocom.com>, "Pkix (E-mail)" <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE307@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Steve --
Excellent point!
Ryan
-----Original Message-----
From: Dr S N Henson [mailto:drh@celocom.com]
Sent: Friday, September 14, 2001 11:21 AM
To: Pkix (E-mail)
Subject: Re: Clarification request on RFC 2560
Ryan Hurst wrote:
>
>
> Lets change the question, is there consensus that this is the correct
usage
> of the certs[] attribute?
>
I would say that RFC2560 is unclear on this point. Some might take the
wording to suggest otherwise. For example twice in section 4.2.2.2 it
uses the term:
"the certificate used to validate the signature on the response".
The use of "the" might be taking to mean that there is only one such
certificate.
> I personally believe so; I do not see how one could deal with multiple ca
> responses without this methodology. Additionally I do not see any
downsides
> to this method.
>
Certainly without this methodology it can't be handled via a delegated
responder certificate. That would just leave the messy alternative of
local configuration.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: shenson@drh-consultancy.demon.co.uk
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: drh@celocom.com PGP key: via homepage.
Received: by above.proper.com (8.11.6/8.11.3) id f8EJHKk15334 for ietf-pkix-bks; Fri, 14 Sep 2001 12:17:20 -0700 (PDT)
Received: from zolera.com (IDENT:root@[63.142.188.177]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EJHID15317 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 12:17:19 -0700 (PDT)
Received: from zolera.com (os390.zolera.com [10.0.1.9]) by zolera.com (8.11.0/8.11.0) with ESMTP id f8EJHpa22148; Fri, 14 Sep 2001 15:17:51 -0400
Message-ID: <3BA257E1.95281AB4@zolera.com>
Date: Fri, 14 Sep 2001 15:17:53 -0400
From: Rich Salz <rsalz@zolera.com>
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3-12 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: "David P. Kemp" <dpkemp@missi.ncsc.mil>
CC: "Pkix (E-mail)" <ietf-pkix@imc.org>
Subject: Re: Clarification request on RFC 2560
References: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE2F0@exchange.valicert.com> <3BA1E351.B51B1385@celocom.com> <3BA219B0.6E8BF728@zolera.com> <200109141554.f8EFsXM21478@stingray.missi.ncsc.mil>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
> Is that 99.9999% of all PKI programs (i.e. SSL clients, which are forbidden
> from handling cross-certification*), or 99.9999% of those PKI programs,
> such as S/MIME, whose specifications are not so short sighted as to forbid it?
With a claim like 99.9999% you want me to be specific?
I'm having trouble parsing that last line of yours. Doesn't TLS allow
the client to send a "known CA" list?
/r$
Received: by above.proper.com (8.11.6/8.11.3) id f8EJHEL15306 for ietf-pkix-bks; Fri, 14 Sep 2001 12:17:14 -0700 (PDT)
Received: from gto-mailer1.bbn.com (cam-mailer1.bbn.com [128.33.0.36]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EJH1D15291 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 12:17:01 -0700 (PDT)
Received: from [128.33.238.247] (tc238-247.bbn.com [128.33.238.247]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with ESMTP id PAA28149; Fri, 14 Sep 2001 15:19:05 -0400 (EDT)
Mime-Version: 1.0
X-Sender: kent@po1.bbn.com (Unverified)
Message-Id: <p05010402b7c800093f97@[128.33.238.214]>
In-Reply-To: <01Sep13.162944gmt+0200.29577@gw.omicron.at>
References: <01Sep13.162944gmt+0200.29577@gw.omicron.at>
Date: Fri, 14 Sep 2001 14:43:57 -0400
To: Cristian Marinescu <cristian.marinescu@omicron.at>
From: Stephen Kent <kent@bbn.com>
Subject: RE: Question about TSP (rfc 3161)
Cc: libel@paris.md, ietf-pkix@imc.org
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
At 4:27 PM +0200 9/13/01, Cristian Marinescu wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Hi,
>
>I agree, there is in practice (at least for the moment,
>when everyone is trying to put a TSA together, more or less
>draft compliant), no reason for having such flags.
>
>But, it is also not stupid.
>Let's imagine that some day the TSP will be really used
>by everyone. :) Hard to imagine, but let's try.
>This will rise the problem of DOS attack, and some
>people, (as I have done myself) will implement the TSA
>and limit the number of parallel requests (and let's understand
>by this the number of spawn processes, or threads) to a fix number. So
>they will
>just return an error back. This is actually not a nice thing
>to do. And I presume, people there, writing the draft,
>tried to be nice: well, if I get a request, but,
>I don't have time to give a response right away, because
>I am busy, let's store the request and tell the person to try
>again sometimes later.
>Perhaps there is also the possibility
>that your clock is at that moment not available, (I would
>like to believe that there will be TSA's out there that won't read
>the time from the local system, like I do at the moment...) or maybe
>some
>other resource... how could I know?? :)
>In any case you have to take cautions about the overflooding with
>requests (or even pending requests, that havn't been answered yet)
>
>Well, at least this is the reason I can imagine. Perhaps
>there are also some other (dark!) reasons, but I would like
>to hear/read about them from the TSP gurus. :))
>
>Kindly regards,
>Cristian
TSP may be carried over various lower layer protocols. A TSA that
wants to reject DoS attacks could require its clients to use a lower
layer security protocol that facilitates this, e.g., IPsec.
Steve
Received: by above.proper.com (8.11.6/8.11.3) id f8EJ4WS14536 for ietf-pkix-bks; Fri, 14 Sep 2001 12:04:32 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EJ4VD14530 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 12:04:31 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJO005012CRTW@ext-mail.valicert.com> for ietf-pkix@imc.org; Fri, 14 Sep 2001 12:05:15 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJO005GP2CR84@ext-mail.valicert.com>; Fri, 14 Sep 2001 12:05:15 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT352AY>; Fri, 14 Sep 2001 11:57:48 -0700
Content-return: allowed
Date: Fri, 14 Sep 2001 11:57:43 -0700
From: Ryan Hurst <ryanh@valicert.com>
Subject: RE: Clarification request on RFC 2560
To: "'Rich Salz'" <rsalz@zolera.com>, Ambarish Malpani <ambarish@valicert.com>
Cc: Dr S N Henson <drh@celocom.com>, "Pkix (E-mail)" <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE303@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Rich --
Did I say that :), I am now embarrassed that I asked the question!
Yes that would be a cross-certification case.
As far as our "OCSP responder" product :) is concerned it depends on its
configuration...
Ryan
-----Original Message-----
From: Rich Salz [mailto:rsalz@zolera.com]
Sent: Friday, September 14, 2001 10:46 AM
To: Ambarish Malpani
Cc: Dr S N Henson; Pkix (E-mail)
Subject: Re: Clarification request on RFC 2560
It sure sounded like Ryan's note ssaid a single key with multiple CA's
verifying it, and the client finds the right verifier. Or does your VA
product use a separate keypair for each CA it handles?
>issue of a single VA/OCSP Responder ...
You sure you want to risk losing your TM on "Validation Authority" by
consistently using it generically? :)
/r$
--
Zolera Systems, Your Key to Online Integrity
Securing Web services: XML, SOAP, Dig-sig, Encryption
http://www.zolera.com
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8EJ3kp14490 for ietf-pkix-bks; Fri, 14 Sep 2001 12:03:46 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EJ3jD14485 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 12:03:45 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJO005012BDTG@ext-mail.valicert.com> for ietf-pkix@imc.org; Fri, 14 Sep 2001 12:04:26 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJO004OH2BDTF@ext-mail.valicert.com>; Fri, 14 Sep 2001 12:04:25 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT352AQ>; Fri, 14 Sep 2001 11:56:58 -0700
Content-return: allowed
Date: Fri, 14 Sep 2001 11:56:50 -0700
From: Ryan Hurst <ryanh@valicert.com>
Subject: RE: Clarification request on RFC 2560
To: Ambarish Malpani <ambarish@valicert.com>, "'Denis Pinkas'" <Denis.Pinkas@bull.net>, "David P. Kemp" <dpkemp@missi.ncsc.mil>
Cc: "Pkix (E-mail)" <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE302@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Excerpt from the RFC to support Ambarish's note:
2.6 OCSP Signature Authority Delegation
.... This certificate MUST be issued directly to the
responder by the cognizant CA.
Ryan
-----Original Message-----
From: Ambarish Malpani [mailto:ambarish@valicert.com]
Sent: Friday, September 14, 2001 10:58 AM
To: 'Denis Pinkas'; David P. Kemp
Cc: Pkix (E-mail)
Subject: RE: Clarification request on RFC 2560
Hi Denis,
My interpretation is (4).
It is a bag of certificates that the recipient could find useful
to validate the request/response.
There may be some extraneous/irrelevant certificates, there might
not be all the certificates the client needs.
NOTE: IN THE CA DELEGATED TRUST MODEL FOR OCSP, THE RESPONDER MUST
BE DIRECTLY CERTIFIED BY THE CA - THERE MAY NOT BE CHAINING OF
ARBITRARY DEPTH I.E. IF CA1 CERTIFIES CA2, IT CAN'T CERTIFY
AN OCSP RESPONDER AND HAVE THAT TRUSTED AS A CA DELEGATED OCSP
RESPONDER FOR CA2.
Regards,
Ambarish
---------------------------------------------------------------------
Ambarish Malpani
Architect 650.567.5457
ValiCert, Inc. ambarish@valicert.com
339 N. Bernardo Ave. http://www.valicert.com
Mountain View, CA 94043
> -----Original Message-----
> From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> Sent: Friday, September 14, 2001 9:52 AM
> To: David P. Kemp
> Cc: Pkix (E-mail)
> Subject: Re: Clarification request on RFC 2560
>
>
>
>
> > Is that 99.9999% of all PKI programs (i.e. SSL clients,
> which are forbidden
> > from handling cross-certification*), or 99.9999% of those
> PKI programs,
> > such as S/MIME, whose specifications are not so short
> sighted as to forbid it?
> >
> > Dave
> >
> > * SSL 3.0: "certificate_list - This is a sequence (chain)
> of X.509 certificates,
> > ordered with the sender's certificate first and
> the [sender's] root
> > certificate authority last."
>
> So my question again: Is certs in the OCSP response:
>
> 1) a sequence (chain) of X.509 certificates, ordered with
> the sender's
> certificate first followed by useful certificates ?
>
> 2) a sequence (chain) of X.509 certificates, ordered with
> the sender's
> certificate and only one chain of certificates with the [sender's]
> root certificate authority last ?
>
> 3) a sequence (chain) of (always) "useful" X.509 certificates ?
>
> 4) a sequence (chain) of (possibly) "useful" X.509 certificates ?
>
> In Section 4.1.2 which is specific to the request, the text says: "the
> requestor MAY include certificates that help the OCSP
> responder verify the
> requestor's signature in the certs field of Signature". The
> question is
> whether "the requestor MAY include certificates that help the OCSP
> responder" or whether "the requestor MAY include certificates
> that *MAY*
> help the OCSP responder". In the fisrt case, they really
> help, so at least
> some certificates from a valid chain shall be included. In
> the second case,
> they MAY help, so they may also not help, so any kind of
> certificate may be
> included.
>
> Note that the last interpretation allows for all the others.
>
> Where do we go from this ?
>
> Denis
>
> > > > An OCSP client might assume that only a single
> certificate corresponds
> > > > to the responder ID and for example just look for the
> first certificate
> > > > in the certs attribute which matches the reponder ID
> and verify that.
> > >
> > > I think most -- like 99.9999% -- PKI programs are not
> equipped to handle
> > > cross-certified entities.
> > > /r$
> > >
> > > --
> > > Zolera Systems, Your Key to Online Integrity
> > > Securing Web services: XML, SOAP, Dig-sig, Encryption
> > > http://www.zolera.com
>
Received: by above.proper.com (8.11.6/8.11.3) id f8EINQ413270 for ietf-pkix-bks; Fri, 14 Sep 2001 11:23:26 -0700 (PDT)
Received: from anchor-post-30.mail.demon.net (anchor-post-30.mail.demon.net [194.217.242.88]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EINOD13266 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 11:23:24 -0700 (PDT)
Received: from drh-consultancy.demon.co.uk ([193.237.150.98] helo=celocom.com) by anchor-post-30.mail.demon.net with esmtp (Exim 2.12 #1) id 15hxcY-000DP6-0U for ietf-pkix@imc.org; Fri, 14 Sep 2001 19:23:24 +0100
Message-ID: <3BA24A7C.C2DA4A7D@celocom.com>
Date: Fri, 14 Sep 2001 19:20:44 +0100
From: Dr S N Henson <drh@celocom.com>
Organization: S N Henson
X-Mailer: Mozilla 4.73 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "Pkix (E-mail)" <ietf-pkix@imc.org>
Subject: Re: Clarification request on RFC 2560
References: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE2FA@exchange.valicert.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Ryan Hurst wrote:
>
>
> Lets change the question, is there consensus that this is the correct usage
> of the certs[] attribute?
>
I would say that RFC2560 is unclear on this point. Some might take the
wording to suggest otherwise. For example twice in section 4.2.2.2 it
uses the term:
"the certificate used to validate the signature on the response".
The use of "the" might be taking to mean that there is only one such
certificate.
> I personally believe so; I do not see how one could deal with multiple ca
> responses without this methodology. Additionally I do not see any downsides
> to this method.
>
Certainly without this methodology it can't be handled via a delegated
responder certificate. That would just leave the messy alternative of
local configuration.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: shenson@drh-consultancy.demon.co.uk
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: drh@celocom.com PGP key: via homepage.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8EIDUq13106 for ietf-pkix-bks; Fri, 14 Sep 2001 11:13:30 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EIDSD13102 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 11:13:28 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJN00501ZZODN@ext-mail.valicert.com> for ietf-pkix@imc.org; Fri, 14 Sep 2001 11:14:12 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJN004E6ZZOTF@ext-mail.valicert.com>; Fri, 14 Sep 2001 11:14:12 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT35HWT>; Fri, 14 Sep 2001 11:06:45 -0700
Content-return: allowed
Date: Fri, 14 Sep 2001 11:06:37 -0700
From: Ryan Hurst <ryanh@valicert.com>
Subject: RE: Clarification request on RFC 2560
To: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, "David P. Kemp" <dpkemp@missi.ncsc.mil>
Cc: "Pkix (E-mail)" <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE2FE@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Denis --
I would say #5 :)
5) a sequence of (always) "useful" X.509 certificates
This allows for most cases to work; I do not see the benefit in restricting
the use of this attribute to a chain either. The only problem I see with
leaving its use generic is that there will be different uses of the
attribute, for that reason I would like to see a recommendation on its use;
possibly:
BasicOCSPResponse ::= SEQUENCE {
tbsResponseData ResponseData,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
The certs is field is a sequence X.509 certificates that may be useful
to a client when verifying a response. When included it SHOULD contain
all responder certificates that are associated with the signature on
the response.
Ryan
-----Original Message-----
From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
Sent: Friday, September 14, 2001 9:52 AM
To: David P. Kemp
Cc: Pkix (E-mail)
Subject: Re: Clarification request on RFC 2560
> Is that 99.9999% of all PKI programs (i.e. SSL clients, which are
forbidden
> from handling cross-certification*), or 99.9999% of those PKI programs,
> such as S/MIME, whose specifications are not so short sighted as to forbid
it?
>
> Dave
>
> * SSL 3.0: "certificate_list - This is a sequence (chain) of X.509
certificates,
> ordered with the sender's certificate first and the [sender's]
root
> certificate authority last."
So my question again: Is certs in the OCSP response:
1) a sequence (chain) of X.509 certificates, ordered with the sender's
certificate first followed by useful certificates ?
2) a sequence (chain) of X.509 certificates, ordered with the sender's
certificate and only one chain of certificates with the [sender's]
root certificate authority last ?
3) a sequence (chain) of (always) "useful" X.509 certificates ?
4) a sequence (chain) of (possibly) "useful" X.509 certificates ?
In Section 4.1.2 which is specific to the request, the text says: "the
requestor MAY include certificates that help the OCSP responder verify the
requestor's signature in the certs field of Signature". The question is
whether "the requestor MAY include certificates that help the OCSP
responder" or whether "the requestor MAY include certificates that *MAY*
help the OCSP responder". In the fisrt case, they really help, so at least
some certificates from a valid chain shall be included. In the second case,
they MAY help, so they may also not help, so any kind of certificate may be
included.
Note that the last interpretation allows for all the others.
Where do we go from this ?
Denis
> > > An OCSP client might assume that only a single certificate corresponds
> > > to the responder ID and for example just look for the first
certificate
> > > in the certs attribute which matches the reponder ID and verify that.
> >
> > I think most -- like 99.9999% -- PKI programs are not equipped to handle
> > cross-certified entities.
> > /r$
> >
> > --
> > Zolera Systems, Your Key to Online Integrity
> > Securing Web services: XML, SOAP, Dig-sig, Encryption
> > http://www.zolera.com
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8EI6dD12979 for ietf-pkix-bks; Fri, 14 Sep 2001 11:06:39 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EI6cD12975 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 11:06:38 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJN00501ZO9BS@ext-mail.valicert.com> for ietf-pkix@imc.org; Fri, 14 Sep 2001 11:07:22 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJN00533ZO984@ext-mail.valicert.com>; Fri, 14 Sep 2001 11:07:21 -0700 (PDT)
Received: from beethoven (192.168.51.200 [192.168.51.200]) by polaris.valicert.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id SMT35HVR; Fri, 14 Sep 2001 10:59:54 -0700
Date: Fri, 14 Sep 2001 14:06:33 -0400
From: John Thielens <johnt@valicert.com>
Subject: Re: Clarification request on RFC 2560
To: Denis Pinkas <Denis.Pinkas@bull.net>
Cc: "Pkix (E-mail)" <ietf-pkix@imc.org>
Message-id: <00c001c13d47$fff9ae10$64fea8c0@beethoven>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
Content-type: text/plain; charset="iso-8859-1"
X-Priority: 3
X-MSMail-priority: Normal
References: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE2F0@exchange.valicert.com> <3BA1E351.B51B1385@celocom.com> <3BA219B0.6E8BF728@zolera.com> <200109141554.f8EFsXM21478@stingray.missi.ncsc.mil> <3BA235AA.F2BD91E1@bull.net>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id f8EI6cD12976
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Denis:
> So my question again: Is certs in the OCSP response:
>
> 1) a sequence (chain) of X.509 certificates, ordered with the sender's
> certificate first followed by useful certificates ?
>
> 2) a sequence (chain) of X.509 certificates, ordered with the sender's
> certificate and only one chain of certificates with the [sender's]
> root certificate authority last ?
>
> 3) a sequence (chain) of (always) "useful" X.509 certificates ?
>
> 4) a sequence (chain) of (possibly) "useful" X.509 certificates ?
I believe #4 is the correct answer (I have seen enough variation in the ordering to preclude #1 and #2 -- perhaps this is why CMS uses SET OF instead of SEQUENCE OF, although it also commits the sin of OPTIONAL without SIZE (1..MAX)). #4 puts the onus squarely on the relying party's shoulders to assess the applicability of the certificates to substantiate the signature. Of course, the server SHOULD only put in useful certs, but the client MUST NOT count on it.
John
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8EI4TO12946 for ietf-pkix-bks; Fri, 14 Sep 2001 11:04:29 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EI4SD12942 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 11:04:28 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJN00501ZKOB3@ext-mail.valicert.com> for ietf-pkix@imc.org; Fri, 14 Sep 2001 11:05:12 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJN004CCZKOTF@ext-mail.valicert.com>; Fri, 14 Sep 2001 11:05:12 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT35HVB>; Fri, 14 Sep 2001 10:57:45 -0700
Content-return: allowed
Date: Fri, 14 Sep 2001 10:57:43 -0700
From: Ambarish Malpani <ambarish@valicert.com>
Subject: RE: Clarification request on RFC 2560
To: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, "David P. Kemp" <dpkemp@missi.ncsc.mil>
Cc: "Pkix (E-mail)" <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E4B5F@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Hi Denis,
My interpretation is (4).
It is a bag of certificates that the recipient could find useful
to validate the request/response.
There may be some extraneous/irrelevant certificates, there might
not be all the certificates the client needs.
NOTE: IN THE CA DELEGATED TRUST MODEL FOR OCSP, THE RESPONDER MUST
BE DIRECTLY CERTIFIED BY THE CA - THERE MAY NOT BE CHAINING OF
ARBITRARY DEPTH I.E. IF CA1 CERTIFIES CA2, IT CAN'T CERTIFY
AN OCSP RESPONDER AND HAVE THAT TRUSTED AS A CA DELEGATED OCSP
RESPONDER FOR CA2.
Regards,
Ambarish
---------------------------------------------------------------------
Ambarish Malpani
Architect 650.567.5457
ValiCert, Inc. ambarish@valicert.com
339 N. Bernardo Ave. http://www.valicert.com
Mountain View, CA 94043
> -----Original Message-----
> From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> Sent: Friday, September 14, 2001 9:52 AM
> To: David P. Kemp
> Cc: Pkix (E-mail)
> Subject: Re: Clarification request on RFC 2560
>
>
>
>
> > Is that 99.9999% of all PKI programs (i.e. SSL clients,
> which are forbidden
> > from handling cross-certification*), or 99.9999% of those
> PKI programs,
> > such as S/MIME, whose specifications are not so short
> sighted as to forbid it?
> >
> > Dave
> >
> > * SSL 3.0: "certificate_list - This is a sequence (chain)
> of X.509 certificates,
> > ordered with the sender's certificate first and
> the [sender's] root
> > certificate authority last."
>
> So my question again: Is certs in the OCSP response:
>
> 1) a sequence (chain) of X.509 certificates, ordered with
> the sender's
> certificate first followed by useful certificates ?
>
> 2) a sequence (chain) of X.509 certificates, ordered with
> the sender's
> certificate and only one chain of certificates with the [sender's]
> root certificate authority last ?
>
> 3) a sequence (chain) of (always) "useful" X.509 certificates ?
>
> 4) a sequence (chain) of (possibly) "useful" X.509 certificates ?
>
> In Section 4.1.2 which is specific to the request, the text says: "the
> requestor MAY include certificates that help the OCSP
> responder verify the
> requestor's signature in the certs field of Signature". The
> question is
> whether "the requestor MAY include certificates that help the OCSP
> responder" or whether "the requestor MAY include certificates
> that *MAY*
> help the OCSP responder". In the fisrt case, they really
> help, so at least
> some certificates from a valid chain shall be included. In
> the second case,
> they MAY help, so they may also not help, so any kind of
> certificate may be
> included.
>
> Note that the last interpretation allows for all the others.
>
> Where do we go from this ?
>
> Denis
>
> > > > An OCSP client might assume that only a single
> certificate corresponds
> > > > to the responder ID and for example just look for the
> first certificate
> > > > in the certs attribute which matches the reponder ID
> and verify that.
> > >
> > > I think most -- like 99.9999% -- PKI programs are not
> equipped to handle
> > > cross-certified entities.
> > > /r$
> > >
> > > --
> > > Zolera Systems, Your Key to Online Integrity
> > > Securing Web services: XML, SOAP, Dig-sig, Encryption
> > > http://www.zolera.com
>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8EHjSR12660 for ietf-pkix-bks; Fri, 14 Sep 2001 10:45:28 -0700 (PDT)
Received: from zolera.com (IDENT:root@[63.142.188.177]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EHjQD12656 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 10:45:26 -0700 (PDT)
Received: from zolera.com (os390.zolera.com [10.0.1.9]) by zolera.com (8.11.0/8.11.0) with ESMTP id f8EHjua21447; Fri, 14 Sep 2001 13:45:56 -0400
Message-ID: <3BA24255.D49215DD@zolera.com>
Date: Fri, 14 Sep 2001 13:45:57 -0400
From: Rich Salz <rsalz@zolera.com>
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3-12 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Ambarish Malpani <ambarish@valicert.com>
CC: Dr S N Henson <drh@celocom.com>, "Pkix (E-mail)" <ietf-pkix@imc.org>
Subject: Re: Clarification request on RFC 2560
References: <613B3C619C9AD4118C4E00B0D03E7C3E028E4B59@exchange.valicert.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
It sure sounded like Ryan's note ssaid a single key with multiple CA's
verifying it, and the client finds the right verifier. Or does your VA
product use a separate keypair for each CA it handles?
>issue of a single VA/OCSP Responder ...
You sure you want to risk losing your TM on "Validation Authority" by
consistently using it generically? :)
/r$
--
Zolera Systems, Your Key to Online Integrity
Securing Web services: XML, SOAP, Dig-sig, Encryption
http://www.zolera.com
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8EGs7o11763 for ietf-pkix-bks; Fri, 14 Sep 2001 09:54:07 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EGs5D11759 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 09:54:05 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJN00401WBDPY@ext-mail.valicert.com> for ietf-pkix@imc.org; Fri, 14 Sep 2001 09:54:50 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJN0049WWBD7T@ext-mail.valicert.com>; Fri, 14 Sep 2001 09:54:49 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT35H21>; Fri, 14 Sep 2001 09:47:23 -0700
Content-return: allowed
Date: Fri, 14 Sep 2001 09:47:22 -0700
From: Ryan Hurst <ryanh@valicert.com>
Subject: RE: Clarification request on RFC 2560
To: "'Dr S N Henson'" <drh@celocom.com>, "Pkix (E-mail)" <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE2FA@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Steve --
Well there goes one of my examples then :), I vaguely remember a
post to the OpenSSL dev list that implied that was what was implemented in
its implementation of OCSP.
Lets change the question, is there consensus that this is the correct usage
of the certs[] attribute?
I personally believe so; I do not see how one could deal with multiple ca
responses without this methodology. Additionally I do not see any downsides
to this method.
Ryan
-----Original Message-----
From: Dr S N Henson [mailto:drh@celocom.com]
Sent: Friday, September 14, 2001 4:01 AM
To: Pkix (E-mail)
Subject: Re: Clarification request on RFC 2560
Ryan Hurst wrote:
>
>
>
> <rmh>You are correct we are looking to prove #3 in this case, the response
> would have contained the each of the responder certificates associated
with
> the signature in the certs[] attribute (eg all three delegated responder
> certificates). The client would then look at each of the CertIDs in the
> response and then make sure that it had it can verify #3 against the
certs[]
> structure (of coarse after confirming that they are trusted).</rmh>
>
I wonder how many OCSP clients actually behave like that? OpenSSL,
currently at least, doesn't.
An OCSP client might assume that only a single certificate corresponds
to the responder ID and for example just look for the first certificate
in the certs attribute which matches the reponder ID and verify that.
This would reject the response in the above scenario.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: shenson@drh-consultancy.demon.co.uk
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: drh@celocom.com PGP key: via homepage.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8EGqgO11736 for ietf-pkix-bks; Fri, 14 Sep 2001 09:52:42 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EGqeD11732 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 09:52:40 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id SAA46108; Fri, 14 Sep 2001 18:54:50 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id SAA17374; Fri, 14 Sep 2001 18:52:06 +0200
Message-ID: <3BA235AA.F2BD91E1@bull.net>
Date: Fri, 14 Sep 2001 18:51:54 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: "David P. Kemp" <dpkemp@missi.ncsc.mil>
CC: "Pkix (E-mail)" <ietf-pkix@imc.org>
Subject: Re: Clarification request on RFC 2560
References: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE2F0@exchange.valicert.com> <3BA1E351.B51B1385@celocom.com> <3BA219B0.6E8BF728@zolera.com> <200109141554.f8EFsXM21478@stingray.missi.ncsc.mil>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
> Is that 99.9999% of all PKI programs (i.e. SSL clients, which are forbidden
> from handling cross-certification*), or 99.9999% of those PKI programs,
> such as S/MIME, whose specifications are not so short sighted as to forbid it?
>
> Dave
>
> * SSL 3.0: "certificate_list - This is a sequence (chain) of X.509 certificates,
> ordered with the sender's certificate first and the [sender's] root
> certificate authority last."
So my question again: Is certs in the OCSP response:
1) a sequence (chain) of X.509 certificates, ordered with the sender's
certificate first followed by useful certificates ?
2) a sequence (chain) of X.509 certificates, ordered with the sender's
certificate and only one chain of certificates with the [sender's]
root certificate authority last ?
3) a sequence (chain) of (always) "useful" X.509 certificates ?
4) a sequence (chain) of (possibly) "useful" X.509 certificates ?
In Section 4.1.2 which is specific to the request, the text says: "the
requestor MAY include certificates that help the OCSP responder verify the
requestor's signature in the certs field of Signature". The question is
whether "the requestor MAY include certificates that help the OCSP
responder" or whether "the requestor MAY include certificates that *MAY*
help the OCSP responder". In the fisrt case, they really help, so at least
some certificates from a valid chain shall be included. In the second case,
they MAY help, so they may also not help, so any kind of certificate may be
included.
Note that the last interpretation allows for all the others.
Where do we go from this ?
Denis
> > > An OCSP client might assume that only a single certificate corresponds
> > > to the responder ID and for example just look for the first certificate
> > > in the certs attribute which matches the reponder ID and verify that.
> >
> > I think most -- like 99.9999% -- PKI programs are not equipped to handle
> > cross-certified entities.
> > /r$
> >
> > --
> > Zolera Systems, Your Key to Online Integrity
> > Securing Web services: XML, SOAP, Dig-sig, Encryption
> > http://www.zolera.com
Received: by above.proper.com (8.11.6/8.11.3) id f8EGnEP11601 for ietf-pkix-bks; Fri, 14 Sep 2001 09:49:14 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EGnDD11597 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 09:49:13 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJN00401W39OM@ext-mail.valicert.com> for ietf-pkix@imc.org; Fri, 14 Sep 2001 09:49:57 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJN0047YW397T@ext-mail.valicert.com>; Fri, 14 Sep 2001 09:49:57 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT35HHM>; Fri, 14 Sep 2001 09:42:31 -0700
Content-return: allowed
Date: Fri, 14 Sep 2001 09:42:30 -0700
From: Ambarish Malpani <ambarish@valicert.com>
Subject: RE: Clarification request on RFC 2560
To: "'Rich Salz'" <rsalz@zolera.com>, Dr S N Henson <drh@celocom.com>
Cc: "Pkix (E-mail)" <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E4B59@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Hi Rich,
Are you referring to the issue of a single VA/OCSP Responder
supplying delegated certificates from multiple CAs in a response?
If so, I wouldn't go quite that far. I know of at least one
implemenation that does support this behavior (and don't think
there are 999,999 other implementations of OCSP out there...)
:-)
Ambarish
---------------------------------------------------------------------
Ambarish Malpani
Architect 650.567.5457
ValiCert, Inc. ambarish@valicert.com
339 N. Bernardo Ave. http://www.valicert.com
Mountain View, CA 94043
> -----Original Message-----
> From: Rich Salz [mailto:rsalz@zolera.com]
> Sent: Friday, September 14, 2001 7:53 AM
> To: Dr S N Henson
> Cc: Pkix (E-mail)
> Subject: Re: Clarification request on RFC 2560
>
>
>
> > An OCSP client might assume that only a single certificate
> corresponds
> > to the responder ID and for example just look for the first
> certificate
> > in the certs attribute which matches the reponder ID and
> verify that.
>
> I think most -- like 99.9999% -- PKI programs are not
> equipped to handle
> cross-certified entities.
> /r$
>
> --
> Zolera Systems, Your Key to Online Integrity
> Securing Web services: XML, SOAP, Dig-sig, Encryption
> http://www.zolera.com
>
Received: by above.proper.com (8.11.6/8.11.3) id f8EGjHS11547 for ietf-pkix-bks; Fri, 14 Sep 2001 09:45:17 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EGjGD11543 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 09:45:16 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJN00401VWONY@ext-mail.valicert.com> for ietf-pkix@imc.org; Fri, 14 Sep 2001 09:46:00 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJN0046YVWO7T@ext-mail.valicert.com>; Fri, 14 Sep 2001 09:46:00 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT35HG0>; Fri, 14 Sep 2001 09:38:34 -0700
Content-return: allowed
Date: Fri, 14 Sep 2001 09:38:33 -0700
From: Ambarish Malpani <ambarish@valicert.com>
Subject: RE: Clarification request on RFC 2560
To: "'Dr S N Henson'" <drh@celocom.com>, "Pkix (E-mail)" <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E4B58@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Hi Steve,
I would hope a lot of the clients would support this
capability (of a server supplying multiple certs in a response,
each showing that it had delegated authority from multiple CAs).
A lot of our customers run our server in a mode where it supports
multiple CAs - frequently multiple CAs that form a hierarchy.
By allowing a server to supply delegated certificates from multiple
CAs, a client can make a single query to a VA for a whole chain
(where the VA is the designated responder for all CAs in the chain).
This gives people a reasonable amount of efficiency - client needs
to make a single query for a whole chain.
If a client were not to support multiple delegated certs in a
response, it would need to make multiple queries.
Regards,
Ambarish
P.S. I know that we have supported this behavior in our toolkit
and apps for some time.
---------------------------------------------------------------------
Ambarish Malpani
Architect 650.567.5457
ValiCert, Inc. ambarish@valicert.com
339 N. Bernardo Ave. http://www.valicert.com
Mountain View, CA 94043
> -----Original Message-----
> From: Dr S N Henson [mailto:drh@celocom.com]
> Sent: Friday, September 14, 2001 4:01 AM
> To: Pkix (E-mail)
> Subject: Re: Clarification request on RFC 2560
>
>
>
> Ryan Hurst wrote:
> >
> >
> >
> > <rmh>You are correct we are looking to prove #3 in this
> case, the response
> > would have contained the each of the responder certificates
> associated with
> > the signature in the certs[] attribute (eg all three
> delegated responder
> > certificates). The client would then look at each of the
> CertIDs in the
> > response and then make sure that it had it can verify #3
> against the certs[]
> > structure (of coarse after confirming that they are trusted).</rmh>
> >
>
> I wonder how many OCSP clients actually behave like that? OpenSSL,
> currently at least, doesn't.
>
> An OCSP client might assume that only a single certificate corresponds
> to the responder ID and for example just look for the first
> certificate
> in the certs attribute which matches the reponder ID and verify that.
> This would reject the response in the above scenario.
>
> Steve.
> --
> Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
> Personal Email: shenson@drh-consultancy.demon.co.uk
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the OpenSSL project: http://www.openssl.org/
> Business Email: drh@celocom.com PGP key: via homepage.
>
>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8EGhBr11508 for ietf-pkix-bks; Fri, 14 Sep 2001 09:43:11 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EGh9D11503 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 09:43:09 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJN00401VT0NO@ext-mail.valicert.com> for ietf-pkix@imc.org; Fri, 14 Sep 2001 09:43:49 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJN0046JVT07T@ext-mail.valicert.com>; Fri, 14 Sep 2001 09:43:48 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT35HG5>; Fri, 14 Sep 2001 09:36:21 -0700
Content-return: allowed
Date: Fri, 14 Sep 2001 09:36:21 -0700
From: Ryan Hurst <ryanh@valicert.com>
Subject: RE: Clarification request on RFC 2560
To: "'Rich Salz'" <rsalz@zolera.com>, Dr S N Henson <drh@celocom.com>
Cc: "Pkix (E-mail)" <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE2F9@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Rich --
I would agree with that, however I do not see this case as being a
cross certification case; can you elaborate?
Ryan
-----Original Message-----
From: Rich Salz [mailto:rsalz@zolera.com]
Sent: Friday, September 14, 2001 7:53 AM
To: Dr S N Henson
Cc: Pkix (E-mail)
Subject: Re: Clarification request on RFC 2560
> An OCSP client might assume that only a single certificate corresponds
> to the responder ID and for example just look for the first certificate
> in the certs attribute which matches the reponder ID and verify that.
I think most -- like 99.9999% -- PKI programs are not equipped to handle
cross-certified entities.
/r$
--
Zolera Systems, Your Key to Online Integrity
Securing Web services: XML, SOAP, Dig-sig, Encryption
http://www.zolera.com
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8EFt9309382 for ietf-pkix-bks; Fri, 14 Sep 2001 08:55:09 -0700 (PDT)
Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.50.20]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EFt8D09375 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 08:55:08 -0700 (PDT)
Received: from stingray.missi.ncsc.mil (root@localhost) by stingray.missi.ncsc.mil with ESMTP id f8EFsYq21482 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 11:54:34 -0400 (EDT)
Message-ID: <200109141554.f8EFsXM21478@stingray.missi.ncsc.mil>
Date: Fri, 14 Sep 2001 11:48:50 -0400
From: "David P. Kemp" <dpkemp@missi.ncsc.mil>
X-Mailer: Mozilla 4.77 [en] (X11; U; SunOS 5.7 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: "Pkix (E-mail)" <ietf-pkix@imc.org>
Subject: Re: Clarification request on RFC 2560
References: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE2F0@exchange.valicert.com> <3BA1E351.B51B1385@celocom.com> <3BA219B0.6E8BF728@zolera.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-H-S-Loop-Check-Ejzfr:
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Is that 99.9999% of all PKI programs (i.e. SSL clients, which are forbidden
from handling cross-certification*), or 99.9999% of those PKI programs,
such as S/MIME, whose specifications are not so short sighted as to forbid it?
Dave
* SSL 3.0: "certificate_list - This is a sequence (chain) of X.509 certificates,
ordered with the sender's certificate first and the [sender's] root
certificate authority last."
Rich Salz wrote:
>
> > An OCSP client might assume that only a single certificate corresponds
> > to the responder ID and for example just look for the first certificate
> > in the certs attribute which matches the reponder ID and verify that.
>
> I think most -- like 99.9999% -- PKI programs are not equipped to handle
> cross-certified entities.
> /r$
>
> --
> Zolera Systems, Your Key to Online Integrity
> Securing Web services: XML, SOAP, Dig-sig, Encryption
> http://www.zolera.com
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8EFN9L05207 for ietf-pkix-bks; Fri, 14 Sep 2001 08:23:09 -0700 (PDT)
Received: from geos.coastside.net (geos.coastside.net [207.213.212.4]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EFN7D05202 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 08:23:07 -0700 (PDT)
Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by geos.coastside.net (8.11.0/8.11.3) with SMTP id f8EFMrQ29400; Fri, 14 Sep 2001 08:22:53 -0700 (PDT)
From: "Michael Myers" <myers@coastside.net>
To: "Ambarish Malpani" <ambarish@valicert.com>, "Denis Pinkas" <Denis.Pinkas@bull.net>
Cc: "IETF-PKIX" <ietf-pkix@imc.org>
Subject: CRLs for OCSP
Date: Fri, 14 Sep 2001 08:21:32 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDEEAACFAA.myers@coastside.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Importance: Normal
In-Reply-To: <613B3C619C9AD4118C4E00B0D03E7C3E028E4B4E@exchange.valicert.com>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Ambarish,
Actually I'm far less concerned about CRLs per se than the timeliness issue
that Carlisle and I discussed a few years back when he and I argued the
notions underlying OCSP. What concerns me are the systems-level
requirements that derive from assuming CRLs are the only and best means to
deliver OCSP-based (or equivalent) services.
It seems to me we are heading in that direction. That's not necessarily a
bad thing. I can see that in some instances CRLs are sufficient, especially
in very large-scale commercial deployments involving ad-hoc interactions
between autonomous trust domains. I can also see that in certain
deployments, high-frequency deltas can effectively address the timeliness
requirements OCSP might otherwise satisfy.
Yet a requirement on a more closed trust domain that it MUST produce a CRL
in order to deliver OCSP-based services seems to me to unduly burdensome.
Further, the exchange of equivalent information in support of delegated
validation (vice revocation) still remains an open issue in this context.
Lastly, there exists obvious issues when the periodicity of CRLs (as
generally practiced) is put up against the aperiodic and on-demand nature of
OCSP (or equivalent).
So, basically, I just think there's some issues to discuss. As I've heard
repeatedly in the IETF, current market practices and shipping products
should not be permitted to constrain our consideration of the best technical
solution going forward. I remain especially concerned that several
under-examined systems-level issues will cause problems down the road.
These are easily predictable today; we should be developing answers in a
concomitant fashion.
Mike
Michael Myers
t: +415.819.1362
e: mailto:mike@traceroutesecurity.com
w: http://www.traceroutesecurity.com
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8EEq8k03757 for ietf-pkix-bks; Fri, 14 Sep 2001 07:52:08 -0700 (PDT)
Received: from zolera.com (IDENT:root@[63.142.188.177]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EEq6D03753 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 07:52:06 -0700 (PDT)
Received: from zolera.com (os390.zolera.com [10.0.1.9]) by zolera.com (8.11.0/8.11.0) with ESMTP id f8EEqVa20177; Fri, 14 Sep 2001 10:52:31 -0400
Message-ID: <3BA219B0.6E8BF728@zolera.com>
Date: Fri, 14 Sep 2001 10:52:32 -0400
From: Rich Salz <rsalz@zolera.com>
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3-12 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Dr S N Henson <drh@celocom.com>
CC: "Pkix (E-mail)" <ietf-pkix@imc.org>
Subject: Re: Clarification request on RFC 2560
References: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE2F0@exchange.valicert.com> <3BA1E351.B51B1385@celocom.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
> An OCSP client might assume that only a single certificate corresponds
> to the responder ID and for example just look for the first certificate
> in the certs attribute which matches the reponder ID and verify that.
I think most -- like 99.9999% -- PKI programs are not equipped to handle
cross-certified entities.
/r$
--
Zolera Systems, Your Key to Online Integrity
Securing Web services: XML, SOAP, Dig-sig, Encryption
http://www.zolera.com
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8EBm0L23664 for ietf-pkix-bks; Fri, 14 Sep 2001 04:48:00 -0700 (PDT)
Received: from raven.ecs.soton.ac.uk (raven.ecs.soton.ac.uk [152.78.70.1]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EBlxD23656 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 04:47:59 -0700 (PDT)
Received: from hawk.ecs.soton.ac.uk (hawk.ecs.soton.ac.uk [152.78.68.142]) by raven.ecs.soton.ac.uk (8.9.3/8.9.3) with ESMTP id MAA00456 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 12:48:05 +0100 (BST)
Received: from jap.ecs.soton.ac.uk (jap.ecs.soton.ac.uk [152.78.69.201]) by hawk.ecs.soton.ac.uk (8.9.3/8.9.3) with ESMTP id MAA03295 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 12:47:56 +0100 (BST)
Message-Id: <4.3.1.2.20010914093212.026167a0@pop.ecs.soton.ac.uk>
X-Sender: jap@pop.ecs.soton.ac.uk
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Fri, 14 Sep 2001 12:44:47 +0100
To: ietf-pkix@imc.org
From: J Adrian Pickering <jap@ecs.soton.ac.uk>
Subject: Re: Notary systems requirements
In-Reply-To: <20010913143201.C15814@server.speedcom.it>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
At 14:32 13/09/01 +0200, Alfonso De Gregorio wrote:
>what about to start to working on a document that collects requirements
>for notary systems based also on TSAs?
>
>In my opinion, the current TSP don't allows always the use of a
>time-stamp token as a proof-of-authorship, because the security
>analysis of the protocol don't address the possibility of a
>deliberate replay attack by a middleman replaying legitimate TS
>_requests_;...
<snip>
To avoid this attack, Alice must be required to hash the sign the
>document she wants to time-stamp; compute the hash over the signature
>of the signed data and set the messageImprint field of time-stamp
>request to the computed value (similarly to what is required in
>Appendix A, for the proof sign creation before corresponding certificate
>revocation).
Correct. This would be wise anyway if you want to counter Rabin's attack
i.e. make your own peculiar alteration to the base data - what you suggest
is just that. If the TSA chooses to work by 'open declaration' of its
timestamping records then this also can help check what is claimed to be
happening. The courts will examine the evidence available and make their
own judgement.
TSAs may well not want to respond to unsolicited requests (a) to avoid DoS
attacks and (b) to ensure only paid-up subscribers get the service.
Therefore, there must be some identity/source checking going on and the
courts may take some notice of this. However, this is outside the scope of TSP.
As someone who is interested in wider uses of TSP I would support looking
at these. However, I do not think this forum is the right place? PKIX
thrust is enabling and, in TSP, it has enabled. Yes?
Adrian Pickering/
Electronics and Computer Science
University of Southampton, UK
Received: by above.proper.com (8.11.6/8.11.3) id f8EBD0R20972 for ietf-pkix-bks; Fri, 14 Sep 2001 04:13:00 -0700 (PDT)
Received: from finch-post-10.mail.demon.net (finch-post-10.mail.demon.net [194.217.242.38]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8EBCwD20962 for <ietf-pkix@imc.org>; Fri, 14 Sep 2001 04:12:58 -0700 (PDT)
Received: from drh-consultancy.demon.co.uk ([193.237.150.98] helo=celocom.com) by finch-post-10.mail.demon.net with esmtp (Exim 2.12 #1) id 15hqu1-000Cm5-0A for ietf-pkix@imc.org; Fri, 14 Sep 2001 11:12:57 +0000
Message-ID: <3BA1E351.B51B1385@celocom.com>
Date: Fri, 14 Sep 2001 12:00:33 +0100
From: Dr S N Henson <drh@celocom.com>
Organization: S N Henson
X-Mailer: Mozilla 4.73 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "Pkix (E-mail)" <ietf-pkix@imc.org>
Subject: Re: Clarification request on RFC 2560
References: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE2F0@exchange.valicert.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Ryan Hurst wrote:
>
>
>
> <rmh>You are correct we are looking to prove #3 in this case, the response
> would have contained the each of the responder certificates associated with
> the signature in the certs[] attribute (eg all three delegated responder
> certificates). The client would then look at each of the CertIDs in the
> response and then make sure that it had it can verify #3 against the certs[]
> structure (of coarse after confirming that they are trusted).</rmh>
>
I wonder how many OCSP clients actually behave like that? OpenSSL,
currently at least, doesn't.
An OCSP client might assume that only a single certificate corresponds
to the responder ID and for example just look for the first certificate
in the certs attribute which matches the reponder ID and verify that.
This would reject the response in the above scenario.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: shenson@drh-consultancy.demon.co.uk
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: drh@celocom.com PGP key: via homepage.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8E46cl17028 for ietf-pkix-bks; Thu, 13 Sep 2001 21:06:38 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8E46aD17024 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 21:06:36 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJM00101WSBXZ@ext-mail.valicert.com> for ietf-pkix@imc.org; Thu, 13 Sep 2001 21:07:23 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJM000PBWSA6E@ext-mail.valicert.com>; Thu, 13 Sep 2001 21:07:22 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT35F27>; Thu, 13 Sep 2001 20:59:57 -0700
Content-return: allowed
Date: Thu, 13 Sep 2001 20:59:57 -0700
From: Ryan Hurst <ryanh@valicert.com>
Subject: RE: Clarification request on RFC 2560
To: "'andrews@adacel.com.au'" <andrews@adacel.com.au>
Cc: "Pkix (E-mail)" <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE2F0@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Andrew --
Nice to meet you, you will find my answers in line.
-----Original Message-----
From: Andrew Sciberras [mailto:andrews@adacel.com.au]
Sent: Thursday, September 13, 2001 7:31 PM
To: 'Ryan Hurst'
Cc: Pkix (E-mail)
Subject: RE: Clarification request on RFC 2560
Ryan,
I am at a loss to understand how the scenario which you have described below
will work.
Firstly, Your OCSP responder has 3 different signing certificates. Although
issued by different CA's, each certificate will contain the same key data.
<rmh>Yes, what is a certificate after all but a mechanism to bind an
identity to a private key, this facilitates multiple authorities attesting
to the identity (and in this case authority to respond on its behalf)</rmh>
When you receive a single request that asks for the status of 3 unrelated
certificates, which certificate will you sign the single response with?
<rmh>remember you do not sign with a certificate you sign with a private
key, so the responder would sign with its "delegated" key</rmh>
>From what I can see, section 4.2.2.2 states:
"..... They MUST reject the response if the certificate required to validate
the signature on the
response fails to meet at least one of the following criteria:
1. Matches a local configuration of OCSP signing authority for the
certificate in question; or
2. Is the certificate of the CA that issued the certificate in
question; or
3. Includes a value of id-ad-ocspSigning in an ExtendedKeyUsage
extension and is issued by the CA that issued the certificate in
question.
"
The point that must be satisfied by the scenario described above is #3
which, amongst other things, states that the signing certificate must be
issued by the CA that issued the certificate in question.
Although all three of your signing certificates have the same keys,
shouldn't the OCSP client have to validate the response by looking at the
actual signing certificate and verifying that it was actually issued by the
CA in question?
<rmh>You are correct we are looking to prove #3 in this case, the response
would have contained the each of the responder certificates associated with
the signature in the certs[] attribute (eg all three delegated responder
certificates). The client would then look at each of the CertIDs in the
response and then make sure that it had it can verify #3 against the certs[]
structure (of coarse after confirming that they are trusted).</rmh>
How should the OCSP Client proceed at this point, since there are 3
unrelated certificates in question, with only one certificate signing the
response?
<rmh>Let me know if this answers your question</rmh>
Andrew Sciberras
Software Engineer
Adacel Technologies Ltd
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Ryan Hurst
> Sent: Friday, September 14, 2001 3:31 AM
> To: 'Denis Pinkas'; pkix
> Cc: Mike Myers; Ambarish Malpani
> Subject: RE: Clarification request on RFC 2560
>
>
>
> Denis --
>
> I agree this is not terribly clear in the RFC and your
> question is a
> common one (maybe we can get some amended text in this regard
> in the RFC?).
> In MOST of the implementations I have looked at (ours
> included) the certs
> portion of the structure is used to provide the client with
> the certificates
> associated with the signature on the response.
>
> Consider this scenario; I have a single OCSP responder
> configured to serve
> responses for 3 un-related certificate authorities. The
> responder has CA
> delegated certificates (each CA has certified the same
> request and key pair)
> from each of these certificate authorities (as per section
> 2.2 and 4.2.2.2
> of the OCSP RFC [2560]). I have a client who sends a single
> OCSP request for
> statuses for 3 unrelated certificates (one from each of the previously
> mentioned CAs) to the responder. For the responder to produce
> a response
> this response that could be verified by the client it needs to provide
> certificates that could be chained back to the issuer of the
> certificates in
> question, since a ResponderID only provides the options to
> identify the
> responder byName or byKey the responder needs to provide the
> client with the
> certificates associated with the response. In this case 3 different
> certificates (once again all with the same key material) thus
> allowing the
> client to establish that response was signed by an authority
> delegated by
> each issuing CA.
>
> Using the certs[0] for a single responder chain would then
> limit a responder
> to serving responses for one CA in a delegated scenario as
> described above.
>
> Also the CA delegated scenario described by section 2.6 of
> the RFC [2560]
> states:
>
> "A certificate's issuer explicitly delegates OCSP signing authority by
> issuing a certificate containing a unique value for
> extendedKeyUsage in the
> OCSP signer's certificate. This certificate MUST be issued
> directly to the
> responder by the cognizant CA"
>
> I interpret this to mean that only the issuer of the certificate must
> explicitly delegate to this authority, as such when verifying
> a response in
> this case I would only need the signing certificate not its chain.
>
>
> Ryan M. Hurst
> ValiCert, Inc.
>
>
> -----Original Message-----
> From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> Sent: Thursday, September 13, 2001 3:20 AM
> To: pkix
> Cc: Mike Myers
> Subject: Clarification request on RFC 2560
>
>
>
> In RFC 2560 section 4.2.1 (OCSP Response), we have
>
> BasicOCSPResponse ::= SEQUENCE {
> tbsResponseData ResponseData,
> signatureAlgorithm AlgorithmIdentifier,
> signature BIT STRING,
> certs [0] EXPLICIT SEQUENCE OF
> Certificate OPTIONAL }
>
> Usually every ASN1 field is explained, but in that document
> the certs field
> is not explained.
>
> Should that optional field be interpreted to carry a sequence
> of possibly
> useful certificates ?
>
> Denis
>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8E2Udj15916 for ietf-pkix-bks; Thu, 13 Sep 2001 19:30:39 -0700 (PDT)
Received: from arnie.adacel.com.au (arnie.adacel.com.au [203.36.26.147]) by above.proper.com (8.11.6/8.11.3) with SMTP id f8E2UYD15911 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 19:30:35 -0700 (PDT)
Received: (qmail 5900 invoked from network); 14 Sep 2001 02:37:33 -0000
Received: from shylock.adacel.com.au (HELO shylock) (203.8.85.11) by arnie.adacel.com.au with SMTP; 14 Sep 2001 02:37:33 -0000
Reply-To: <andrews@adacel.com.au>
From: "Andrew Sciberras" <andrews@adacel.com.au>
To: "'Ryan Hurst'" <ryanh@valicert.com>
Cc: "Pkix \(E-mail\)" <ietf-pkix@imc.org>
Subject: RE: Clarification request on RFC 2560
Date: Fri, 14 Sep 2001 12:31:28 +1000
Message-ID: <029001c13cc5$5c61ed30$0b5508cb@adacel.com.au>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2377.0
In-Reply-To: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE2C4@exchange.valicert.com>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Ryan,
I am at a loss to understand how the scenario which you have described below
will work.
Firstly, Your OCSP responder has 3 different signing certificates. Although
issued by different CA's, each certificate will contain the same key data.
When you receive a single request that asks for the status of 3 unrelated
certificates, which certificate will you sign the single response with?
>From what I can see, section 4.2.2.2 states:
"..... They MUST reject the response if the certificate required to validate
the signature on the
response fails to meet at least one of the following criteria:
1. Matches a local configuration of OCSP signing authority for the
certificate in question; or
2. Is the certificate of the CA that issued the certificate in
question; or
3. Includes a value of id-ad-ocspSigning in an ExtendedKeyUsage
extension and is issued by the CA that issued the certificate in
question.
"
The point that must be satisfied by the scenario described above is #3
which, amongst other things, states that the signing certificate must be
issued by the CA that issued the certificate in question.
Although all three of your signing certificates have the same keys,
shouldn't the OCSP client have to validate the response by looking at the
actual signing certificate and verifying that it was actually issued by the
CA in question?
How should the OCSP Client proceed at this point, since there are 3
unrelated certificates in question, with only one certificate signing the
response?
Andrew Sciberras
Software Engineer
Adacel Technologies Ltd
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Ryan Hurst
> Sent: Friday, September 14, 2001 3:31 AM
> To: 'Denis Pinkas'; pkix
> Cc: Mike Myers; Ambarish Malpani
> Subject: RE: Clarification request on RFC 2560
>
>
>
> Denis --
>
> I agree this is not terribly clear in the RFC and your
> question is a
> common one (maybe we can get some amended text in this regard
> in the RFC?).
> In MOST of the implementations I have looked at (ours
> included) the certs
> portion of the structure is used to provide the client with
> the certificates
> associated with the signature on the response.
>
> Consider this scenario; I have a single OCSP responder
> configured to serve
> responses for 3 un-related certificate authorities. The
> responder has CA
> delegated certificates (each CA has certified the same
> request and key pair)
> from each of these certificate authorities (as per section
> 2.2 and 4.2.2.2
> of the OCSP RFC [2560]). I have a client who sends a single
> OCSP request for
> statuses for 3 unrelated certificates (one from each of the previously
> mentioned CAs) to the responder. For the responder to produce
> a response
> this response that could be verified by the client it needs to provide
> certificates that could be chained back to the issuer of the
> certificates in
> question, since a ResponderID only provides the options to
> identify the
> responder byName or byKey the responder needs to provide the
> client with the
> certificates associated with the response. In this case 3 different
> certificates (once again all with the same key material) thus
> allowing the
> client to establish that response was signed by an authority
> delegated by
> each issuing CA.
>
> Using the certs[0] for a single responder chain would then
> limit a responder
> to serving responses for one CA in a delegated scenario as
> described above.
>
> Also the CA delegated scenario described by section 2.6 of
> the RFC [2560]
> states:
>
> "A certificate's issuer explicitly delegates OCSP signing authority by
> issuing a certificate containing a unique value for
> extendedKeyUsage in the
> OCSP signer's certificate. This certificate MUST be issued
> directly to the
> responder by the cognizant CA"
>
> I interpret this to mean that only the issuer of the certificate must
> explicitly delegate to this authority, as such when verifying
> a response in
> this case I would only need the signing certificate not its chain.
>
>
> Ryan M. Hurst
> ValiCert, Inc.
>
>
> -----Original Message-----
> From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> Sent: Thursday, September 13, 2001 3:20 AM
> To: pkix
> Cc: Mike Myers
> Subject: Clarification request on RFC 2560
>
>
>
> In RFC 2560 section 4.2.1 (OCSP Response), we have
>
> BasicOCSPResponse ::= SEQUENCE {
> tbsResponseData ResponseData,
> signatureAlgorithm AlgorithmIdentifier,
> signature BIT STRING,
> certs [0] EXPLICIT SEQUENCE OF
> Certificate OPTIONAL }
>
> Usually every ASN1 field is explained, but in that document
> the certs field
> is not explained.
>
> Should that optional field be interpreted to carry a sequence
> of possibly
> useful certificates ?
>
> Denis
>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8E2J2l15711 for ietf-pkix-bks; Thu, 13 Sep 2001 19:19:02 -0700 (PDT)
Received: from mtiwmhc25.worldnet.att.net (mtiwmhc25.worldnet.att.net [204.127.131.50]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8E2J0D15703 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 19:19:00 -0700 (PDT)
Received: from tsg1 ([12.81.109.102]) by mtiwmhc25.worldnet.att.net (InterMail vM.4.01.03.16 201-229-121-116-20010115) with SMTP id <20010914021857.OHMD28026.mtiwmhc25.worldnet.att.net@tsg1>; Fri, 14 Sep 2001 02:18:57 +0000
Message-ID: <026201c13cc3$96366100$020aff0c@tsg1>
From: "todd glassey" <todd.glassey@worldnet.att.net>
To: <agregorio@acm.org>, <ietf-pkix@imc.org>
References: <20010913143001.A15814@server.speedcom.it>
Subject: Re: Untrusting a Trusted Third Party: TSA.
Date: Thu, 13 Sep 2001 18:53:38 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.3018.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Alfonso - I have said this many many times, but lets try it once more. The
instant of trust for the issuance of the time stamping token happens when
the token is verified. At this instant the TSA can easily return a
commentary to the questioning client that its clocks drifted xy and z amount
and as such the relying party can take the testimony of the TSA as being
that the actual time the incident happened was XY and Z + drift_value.
There is nothing anywhere that says that the TST itself is the testimony of
the TSA, just the token to prove that some TS was actually issued - i.e its
a receipt and not a very good one. This is an important concept and is
crucial to many many use models, but since the Authors decided not to add
use models to the draft or delineate them in a corresponding use document,
well...
Todd
----- Original Message -----
From: "Alfonso De Gregorio" <agregorio@acm.org>
To: <ietf-pkix@imc.org>
Sent: Thursday, September 13, 2001 5:30 AM
Subject: Untrusting a Trusted Third Party: TSA.
>
> Hi Everyone,
>
> The following consideration is quite obvious; however, it's intriguing
> to see how the TSP allows a user to perform a simple test against a
> TSA that he doesn't trust anymore.
>
> Assume a user is afraid that a TSA is issuing time-stamp tokens while
> not in synchronization with UTC; after all if a TSA use a trustworthy
> source of time and include a trustworthy time value for each time-stamp
> token is not necessarily ensuring that the clock doesn't drift outside
> the declared accuracy (this is addressed in ETSI - STF 178-T1 draft H).
>
> The test
> The ordering of time-stamp tokens issued by different TSAs is only
> possible when the _absolute value_ (*) of the difference between the
> genTime of the first time-stamp token and the genTime of the second
> time-stamp token is greater than the sum of the accuracies of the
> genTime for each time-stamp token.
>
> *) partially contrarywise to what is asserted in section 2.4.2 of rfc3161.
>
> TSA-1: the tsa not trusted anymore by alice
> TSA-2..TSA-3: tsa still trusted by alice
>
> 1. Alice send a TimeStampReq to TSA-1 (TSA1Req) where
> TimeStampReq.messageImprint is simply an hash of a document kept
> secret (Alice_doc);
> 2. Upon receiving the response (TSA1Response), Alice hash the received
> time-stamp token ( hash(TSA1Response) ) and send as quickly as possible
> a time-stamp request to TSA2 (TSA2Req), where
> TimeStampReq.messageImprint is hash(TSA1Response);
> 3. if the absolute value of the difference of the first time-stamp token
> and the genTime of the second time-stamp token ( abs(x) ) is greater
> than the sum of the accuracies of the genTime for each time-stamp
> token, Alice can order the two tokens; but for a positive value of
> the difference we have a consistent chain of time-stamp
> request/response, and for a negative a contradictory result.
>
> x = TSA2Response.genTime - TSA1Response.genTime;
> while abs( x ) > (TSA2Response.accuracy + TSA1Response.accuracy)
> if x > 0 --> TSA2Resoponse follows TSA1Response
> if x < 0 --> TSA2Response is _antecedents_ to TSA1Response
>
> Alice can prove the opposite showing the chained sequence of time-stamp
> requests:
> a. Alice_doc
> b. TSA1Response.TSTInfo.messageImprint = hash(Alice_doc)
> c. TSA2Response.TSTInfo.messageImprint(hash(TSA1Response))
>
>
> Sincerely,
> alfonso
>
Received: by above.proper.com (8.11.6/8.11.3) id f8E0lNe14035 for ietf-pkix-bks; Thu, 13 Sep 2001 17:47:23 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8E0lMD14031 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 17:47:23 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJM00101NK898@ext-mail.valicert.com> for ietf-pkix@imc.org; Thu, 13 Sep 2001 17:48:08 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJM000IZNK83H@ext-mail.valicert.com> for ietf-pkix@imc.org; Thu, 13 Sep 2001 17:48:08 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT351ZH>; Thu, 13 Sep 2001 17:40:43 -0700
Content-return: allowed
Date: Thu, 13 Sep 2001 17:40:42 -0700
From: Ambarish Malpani <ambarish@valicert.com>
Subject: FW: Clarification request on RFC 2560
To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E4B52@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Sorry, Denis/Ryan. My mistake. Have clarified the use of that
field in responses in the candidate for a Draft Standard.
Regards,
Ambarish
---------------------------------------------------------------------
Ambarish Malpani
Architect 650.567.5457
ValiCert, Inc. ambarish@valicert.com
339 N. Bernardo Ave. http://www.valicert.com
Mountain View, CA 94043
> -----Original Message-----
> From: Ryan Hurst
> Sent: Thursday, September 13, 2001 5:15 PM
> To: Ambarish Malpani
> Subject: RE: Clarification request on RFC 2560
>
>
> Ambarish that text is specific to the request...
>
> Ryan
>
> -----Original Message-----
> From: Ambarish Malpani [mailto:ambarish@valicert.com]
> Sent: Thursday, September 13, 2001 10:57 AM
> To: 'Denis Pinkas'; pkix
> Cc: Mike Myers
> Subject: RE: Clarification request on RFC 2560
>
>
>
> See section 4.1.2. It is explained over there.
>
> Regards,
> Ambarish
>
> ---------------------------------------------------------------------
> Ambarish Malpani
> Architect 650.567.5457
> ValiCert, Inc. ambarish@valicert.com
> 339 N. Bernardo Ave. http://www.valicert.com
> Mountain View, CA 94043
>
>
> > -----Original Message-----
> > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> > Sent: Thursday, September 13, 2001 3:20 AM
> > To: pkix
> > Cc: Mike Myers
> > Subject: Clarification request on RFC 2560
> >
> >
> >
> >
> > In RFC 2560 section 4.2.1 (OCSP Response), we have
> >
> > BasicOCSPResponse ::= SEQUENCE {
> > tbsResponseData ResponseData,
> > signatureAlgorithm AlgorithmIdentifier,
> > signature BIT STRING,
> > certs [0] EXPLICIT SEQUENCE OF
> > Certificate OPTIONAL }
> >
> > Usually every ASN1 field is explained, but in that document
> > the certs field
> > is not explained.
> >
> > Should that optional field be interpreted to carry a sequence
> > of possibly
> > useful certificates ?
> >
> > Denis
> >
>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8DNXCN13119 for ietf-pkix-bks; Thu, 13 Sep 2001 16:33:12 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DNXCD13115 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 16:33:12 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJM00001K4LV0@ext-mail.valicert.com> for ietf-pkix@imc.org; Thu, 13 Sep 2001 16:33:57 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJM0008MK4K6U@ext-mail.valicert.com>; Thu, 13 Sep 2001 16:33:56 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT351RH>; Thu, 13 Sep 2001 16:26:32 -0700
Content-return: allowed
Date: Thu, 13 Sep 2001 16:26:31 -0700
From: Ambarish Malpani <ambarish@valicert.com>
Subject: RE: Removing expired certificates from CRLs.....
To: "'Michael Myers'" <myers@coastside.net>, Denis Pinkas <Denis.Pinkas@bull.net>
Cc: IETF-PKIX <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E4B4E@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Mike, it is unclear to me why you consider CRLs to be a bad
mechanism for passing revocation data to OCSP responders.
The 2 big problems with CRLs are:
a. distribution of full CRL data to a large number of clients.
b. notifying all relying clients whenever a new (unexpected) CRL
has been produced due to a revocation event (ie. a CRL produced
earlier than the nextUpdate period on an old CRL).
We have deployed responders in a large number of places, where
we have used a push mechanism to send CRLs to our VA (our
OCSP server). This method has worked very well, even for pretty
large installations - the time to produce 100K CRLs isn't very
large. Neither is the time to get it from the CA to the VA.
The final relying parties are using OCSP and therefore getting
up to date responses, without needing to incur the overhead of
downloading full CRLs every time.
The CRL is just a standards based data
format for getting revocation information from the CA to the
VA - think of it as a database snapshot that is created
whenever the database changes.
Regards,
Ambarish
---------------------------------------------------------------------
Ambarish Malpani
Architect 650.567.5457
ValiCert, Inc. ambarish@valicert.com
339 N. Bernardo Ave. http://www.valicert.com
Mountain View, CA 94043
> -----Original Message-----
> From: Michael Myers [mailto:myers@coastside.net]
> Sent: Thursday, September 13, 2001 11:26 AM
> To: Denis Pinkas
> Cc: IETF-PKIX
> Subject: RE: Removing expired certificates from CRLs.....
>
>
>
> Denis,
>
> Thank you for your consideration of historic aspect of
> digital signatures.
> I'm sure more work remains to be done in this area. I for one however
> remain more concerned of our broad assumptions regarding the
> use of periodic
> CRLs as the basis for aperiodic OCSP-based services that
> deliver on-demand
> class timeliness. Several systems-level issues are
> under-explored in this
> context. Within closed environments there might exist data exchange
> mechanisms that are fully responsive to the security requirements CRLs
> satisfy but do so in a means that enables not only the timely
> inter-domain
> exchange of revocation status, but validation status as well.
>
> Mike
>
>
>
> > -----Original Message-----
> > From: owner-ietf-pkix@mail.imc.org
> > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas
> > Sent: Thursday, September 13, 2001 1:31 AM
> > To: Michael Myers
> > Cc: IETF-PKIX
> > Subject: Re: Removing expired certificates from CRLs.....
> >
> >
> >
> > Michael,
> >
> > > Denis,
> > >
> > > What are your thoughts on the timeliness characteristic
> between OCSP and
> > > CRLs?
> >
> > Well ...
> >
> > I must admit that the definition of the archive cutofff (section
> > 4.4.4) from
> > RFC 2560 has always been very strange for me, since it
> defines a time
> > interval rather then an absolute time. I read several times
> the text and
> > could not figure out how in practice it would be used.
> >
> > The text talks about a retention interval without saying
> > explictly to which
> > event it is relative to.
> >
> > Is it the time interval beyond the notAfter date from a
> certificate ?
> > The text does not say so.
> >
> > In addition, the text is talking, as an example, of a retention
> > interval of
> > 7 years (!) whereas in the context of that thread we are
> only talking of
> > about a month.
> >
> > If I had to define from scratch the extension I would
> simply define an
> > absolute date (e.g. called
> ExtendedRevocationInformationDate, quite a
> > long name, but explicit) that could directly override the
> notAfter field
> > from the Validity field of a certificate. This would mean that this
> > extension allows to know until when the revocation information is
> > maintained. It is not directly related to the produceAt
> time. The only
> > condition is that, when it is present, it is always later
> than produceAt.
> >
> > This is a problem because, if I understand correctly RC
> 2560, we have the
> > following equation:
> >
> > ArchiveCutoff = producedAt - retention interval.
> >
> > I do not see a clear relationship between these two concepts.
> >
> > Unless you see one, it would mean that an extension different from
> > ArchiveCutoff would be necessary for OCSP responses so that
> we can have
> > identical concepts for CRLs and OCSP responses.
> >
> > Thanks for raising the question.
> >
> > Denis
> >
> > > Mike
> > >
> > > Michael Myers
> > > t: +415.819.1362
> > > e: mailto:mike@traceroutesecurity.com
> > > w: http://www.traceroutesecurity.com
> > >
> > > > -----Original Message-----
> > > > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> > > > Sent: Wednesday, September 12, 2001 12:35 AM
> > > > To: Michael Myers
> > > > Cc: IETF-PKIX
> > > > Subject: Re: Removing expired certificates from CRLs.....
> > > >
> > > >
> > > >
> > > > > All,
> > > > >
> > > > > I think a unique extension creates the least impact.
> > > > >
> > > > > More broadly though, what's really bothering me is my sense
> > that we're
> > > > > backing into the notion of a 1-1 between CRLs and
> online status
> > > > mechanisms.
> > > > >
> > > > > Assume an environment that both publishes CRLs and
> offers OCSP-based
> > > > > services against the same set of certificates. What if:
> > > > >
> > > > > a) The CA receives a revocation request at T1;
> > > > >
> > > > > b) A database state variable is flipped at T1+N;
> > > > >
> > > > > c) An OCSP request is received at T1+N+M;
> > > > >
> > > > > d) An OCSP response is transmitted at T1+N+M+K;
> > > > >
> > > > > e) Yet the next CRL cycle won't run (i.e. the cron
> > > > > job won't fire) until T1+X where X >> (N+M+K).
> > > > >
> > > > > Thus relying parties are enabled to pick and choose between
> > CRLs or OCSP
> > > > > depending on how it might benefit their argument for remedy
> > > > under digital
> > > > > signature laws.
> > > > >
> > > > > Thoughts, anyone?
> > > >
> > > > Some validation policies, like Signature policies are able to
> > say whether
> > > > CRLs or OCSP responses shall be used.
> > > >
> > > > As an example see: draft-ietf-smime-espolicies-01.txt
> > > >
> > > > EnuRevReq ::= ENUMERATED {
> > > > clrCheck (0),
> > > > --Checks must be made against current CRLs
> > > > -- (or authority revocation lists (ARL))
> > > > ocspCheck (1), -- The revocation status
> must be checked
> > > > -- using the Online Certificate
> Status Protocol
> > > > -- (OCSP),RFC 2450.
> > > > bothCheck (2),
> > > > -- Both CRL and OCSP checks must be
> carried out
> > > > eitherCheck (3),
> > > > -- At least one of CRL or OCSP checks must be
> > > > -- carried out
> > > > noCheck (4),
> > > > -- no check is mandated
> > > > other (5)
> > > > -- Other mechanism as defined by
> signature policy
> > > > -- extension
> > > > }
> > > >
> > > > If either CRL (i.e.clrCheck) or OCSP (i.e. ocspCheck) is
> > mandated, then
> > > > there is no conflict between the two mechanisms.
> > > >
> > > > Denis
> > > >
> > > >
> > > > > Mike
> > > > >
> > > > > Michael Myers
> > > > > t: +415.819.1362
> > > > > e: mailto:mike@traceroutesecurity.com
> > > > > w: http://www.traceroutesecurity.com g
> > > >
> >
>
Received: by above.proper.com (8.11.6/8.11.3) id f8DN03k12347 for ietf-pkix-bks; Thu, 13 Sep 2001 16:00:03 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DN02D12341 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 16:00:02 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJM00L014V3W6@ext-mail.valicert.com> for ietf-pkix@imc.org; Thu, 13 Sep 2001 11:04:16 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJM00LEM4V3ID@ext-mail.valicert.com>; Thu, 13 Sep 2001 11:04:15 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT35C6K>; Thu, 13 Sep 2001 10:56:51 -0700
Content-return: allowed
Date: Thu, 13 Sep 2001 10:56:51 -0700
From: Ambarish Malpani <ambarish@valicert.com>
Subject: RE: Clarification request on RFC 2560
To: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, pkix <ietf-pkix@imc.org>
Cc: Mike Myers <myers@coastside.net>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E4B47@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
See section 4.1.2. It is explained over there.
Regards,
Ambarish
---------------------------------------------------------------------
Ambarish Malpani
Architect 650.567.5457
ValiCert, Inc. ambarish@valicert.com
339 N. Bernardo Ave. http://www.valicert.com
Mountain View, CA 94043
> -----Original Message-----
> From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> Sent: Thursday, September 13, 2001 3:20 AM
> To: pkix
> Cc: Mike Myers
> Subject: Clarification request on RFC 2560
>
>
>
>
> In RFC 2560 section 4.2.1 (OCSP Response), we have
>
> BasicOCSPResponse ::= SEQUENCE {
> tbsResponseData ResponseData,
> signatureAlgorithm AlgorithmIdentifier,
> signature BIT STRING,
> certs [0] EXPLICIT SEQUENCE OF
> Certificate OPTIONAL }
>
> Usually every ASN1 field is explained, but in that document
> the certs field
> is not explained.
>
> Should that optional field be interpreted to carry a sequence
> of possibly
> useful certificates ?
>
> Denis
>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8DN02612343 for ietf-pkix-bks; Thu, 13 Sep 2001 16:00:02 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DN00D12333 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 16:00:00 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJM00L013OGR4@ext-mail.valicert.com> for ietf-pkix@imc.org; Thu, 13 Sep 2001 10:38:40 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJM00L9M3OGID@ext-mail.valicert.com>; Thu, 13 Sep 2001 10:38:40 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT35CYB>; Thu, 13 Sep 2001 10:31:16 -0700
Content-return: allowed
Date: Thu, 13 Sep 2001 10:31:15 -0700
From: Ryan Hurst <ryanh@valicert.com>
Subject: RE: Clarification request on RFC 2560
To: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, pkix <ietf-pkix@imc.org>
Cc: Mike Myers <myers@coastside.net>, Ambarish Malpani <ambarish@valicert.com>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE2C4@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Denis --
I agree this is not terribly clear in the RFC and your question is a
common one (maybe we can get some amended text in this regard in the RFC?).
In MOST of the implementations I have looked at (ours included) the certs
portion of the structure is used to provide the client with the certificates
associated with the signature on the response.
Consider this scenario; I have a single OCSP responder configured to serve
responses for 3 un-related certificate authorities. The responder has CA
delegated certificates (each CA has certified the same request and key pair)
from each of these certificate authorities (as per section 2.2 and 4.2.2.2
of the OCSP RFC [2560]). I have a client who sends a single OCSP request for
statuses for 3 unrelated certificates (one from each of the previously
mentioned CAs) to the responder. For the responder to produce a response
this response that could be verified by the client it needs to provide
certificates that could be chained back to the issuer of the certificates in
question, since a ResponderID only provides the options to identify the
responder byName or byKey the responder needs to provide the client with the
certificates associated with the response. In this case 3 different
certificates (once again all with the same key material) thus allowing the
client to establish that response was signed by an authority delegated by
each issuing CA.
Using the certs[0] for a single responder chain would then limit a responder
to serving responses for one CA in a delegated scenario as described above.
Also the CA delegated scenario described by section 2.6 of the RFC [2560]
states:
"A certificate's issuer explicitly delegates OCSP signing authority by
issuing a certificate containing a unique value for extendedKeyUsage in the
OCSP signer's certificate. This certificate MUST be issued directly to the
responder by the cognizant CA"
I interpret this to mean that only the issuer of the certificate must
explicitly delegate to this authority, as such when verifying a response in
this case I would only need the signing certificate not its chain.
Ryan M. Hurst
ValiCert, Inc.
-----Original Message-----
From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
Sent: Thursday, September 13, 2001 3:20 AM
To: pkix
Cc: Mike Myers
Subject: Clarification request on RFC 2560
In RFC 2560 section 4.2.1 (OCSP Response), we have
BasicOCSPResponse ::= SEQUENCE {
tbsResponseData ResponseData,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
Usually every ASN1 field is explained, but in that document the certs field
is not explained.
Should that optional field be interpreted to carry a sequence of possibly
useful certificates ?
Denis
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8DN02P12342 for ietf-pkix-bks; Thu, 13 Sep 2001 16:00:02 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DN00D12335 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 16:00:01 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJM00L014PWVJ@ext-mail.valicert.com> for ietf-pkix@imc.org; Thu, 13 Sep 2001 11:01:09 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJM00LE74PWID@ext-mail.valicert.com>; Thu, 13 Sep 2001 11:01:08 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT35C50>; Thu, 13 Sep 2001 10:53:44 -0700
Content-return: allowed
Date: Thu, 13 Sep 2001 10:53:43 -0700
From: Ambarish Malpani <ambarish@valicert.com>
Subject: RE: Removing expired certificates from CRLs.....
To: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, Michael Myers <myers@coastside.net>
Cc: IETF-PKIX <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E4B46@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Hi Denis,
The ArchiveCutoff text is a little difficult to understand,
but is correct I believe.
The way I think about it, the response is saying that "as long
as your certificate didn't expire before the date specified in
the ArchiveCutoff field, the status reflected in this response
is correct". Conversely, if your certificate expired before the
ArchiveCutoff date, it might have been revoked before expiry, but
I am not saying anything about that status.
The equation you have derived is absolutely correct and this is
exactly the semantics that I was expecting from the CRL extension
we are talking about.
Do we agree?
Regards,
Ambarish
---------------------------------------------------------------------
Ambarish Malpani
Architect 650.567.5457
ValiCert, Inc. ambarish@valicert.com
339 N. Bernardo Ave. http://www.valicert.com
Mountain View, CA 94043
> -----Original Message-----
> From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> Sent: Thursday, September 13, 2001 1:31 AM
> To: Michael Myers
> Cc: IETF-PKIX
> Subject: Re: Removing expired certificates from CRLs.....
>
>
>
> Michael,
>
> > Denis,
> >
> > What are your thoughts on the timeliness characteristic
> between OCSP and
> > CRLs?
>
> Well ...
>
> I must admit that the definition of the archive cutofff
> (section 4.4.4) from
> RFC 2560 has always been very strange for me, since it defines a time
> interval rather then an absolute time. I read several times
> the text and
> could not figure out how in practice it would be used.
>
> The text talks about a retention interval without saying
> explictly to which
> event it is relative to.
>
> Is it the time interval beyond the notAfter date from a certificate ?
> The text does not say so.
>
> In addition, the text is talking, as an example, of a
> retention interval of
> 7 years (!) whereas in the context of that thread we are only
> talking of
> about a month.
>
> If I had to define from scratch the extension I would simply define an
> absolute date (e.g. called ExtendedRevocationInformationDate, quite a
> long name, but explicit) that could directly override the
> notAfter field
> from the Validity field of a certificate. This would mean that this
> extension allows to know until when the revocation information is
> maintained. It is not directly related to the produceAt time. The only
> condition is that, when it is present, it is always later
> than produceAt.
>
> This is a problem because, if I understand correctly RC 2560,
> we have the
> following equation:
>
> ArchiveCutoff = producedAt - retention interval.
>
> I do not see a clear relationship between these two concepts.
>
> Unless you see one, it would mean that an extension different from
> ArchiveCutoff would be necessary for OCSP responses so that
> we can have
> identical concepts for CRLs and OCSP responses.
>
> Thanks for raising the question.
>
> Denis
>
> > Mike
> >
> > Michael Myers
> > t: +415.819.1362
> > e: mailto:mike@traceroutesecurity.com
> > w: http://www.traceroutesecurity.com
> >
> > > -----Original Message-----
> > > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> > > Sent: Wednesday, September 12, 2001 12:35 AM
> > > To: Michael Myers
> > > Cc: IETF-PKIX
> > > Subject: Re: Removing expired certificates from CRLs.....
> > >
> > >
> > >
> > > > All,
> > > >
> > > > I think a unique extension creates the least impact.
> > > >
> > > > More broadly though, what's really bothering me is my
> sense that we're
> > > > backing into the notion of a 1-1 between CRLs and online status
> > > mechanisms.
> > > >
> > > > Assume an environment that both publishes CRLs and
> offers OCSP-based
> > > > services against the same set of certificates. What if:
> > > >
> > > > a) The CA receives a revocation request at T1;
> > > >
> > > > b) A database state variable is flipped at T1+N;
> > > >
> > > > c) An OCSP request is received at T1+N+M;
> > > >
> > > > d) An OCSP response is transmitted at T1+N+M+K;
> > > >
> > > > e) Yet the next CRL cycle won't run (i.e. the cron
> > > > job won't fire) until T1+X where X >> (N+M+K).
> > > >
> > > > Thus relying parties are enabled to pick and choose
> between CRLs or OCSP
> > > > depending on how it might benefit their argument for remedy
> > > under digital
> > > > signature laws.
> > > >
> > > > Thoughts, anyone?
> > >
> > > Some validation policies, like Signature policies are
> able to say whether
> > > CRLs or OCSP responses shall be used.
> > >
> > > As an example see: draft-ietf-smime-espolicies-01.txt
> > >
> > > EnuRevReq ::= ENUMERATED {
> > > clrCheck (0),
> > > --Checks must be made against current CRLs
> > > -- (or authority revocation lists (ARL))
> > > ocspCheck (1), -- The revocation status must
> be checked
> > > -- using the Online Certificate Status Protocol
> > > -- (OCSP),RFC 2450.
> > > bothCheck (2),
> > > -- Both CRL and OCSP checks must be carried out
> > > eitherCheck (3),
> > > -- At least one of CRL or OCSP checks must be
> > > -- carried out
> > > noCheck (4),
> > > -- no check is mandated
> > > other (5)
> > > -- Other mechanism as defined by
> signature policy
> > > -- extension
> > > }
> > >
> > > If either CRL (i.e.clrCheck) or OCSP (i.e. ocspCheck) is
> mandated, then
> > > there is no conflict between the two mechanisms.
> > >
> > > Denis
> > >
> > >
> > > > Mike
> > > >
> > > > Michael Myers
> > > > t: +415.819.1362
> > > > e: mailto:mike@traceroutesecurity.com
> > > > w: http://www.traceroutesecurity.com g
> > >
>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8DKngI10374 for ietf-pkix-bks; Thu, 13 Sep 2001 13:49:42 -0700 (PDT)
Received: from sottmxs02.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DKneD10370 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 13:49:40 -0700 (PDT)
Received: by sottmxs02.entrust.com with Internet Mail Service (5.5.2650.21) id <SSXMW0H4>; Thu, 13 Sep 2001 16:49:37 -0400
Message-ID: <B8C72DA21548524180BE5AB32D65F6C206D080@sottmxs09.entrust.com>
From: Carlisle Adams <carlisle.adams@entrust.com>
To: pbaker@verisign.com, "'Bob Jueneman'" <bjueneman@novell.com>
Cc: ietf-pkix@imc.org
Subject: RE: XACML OID tag?
Date: Thu, 13 Sep 2001 16:49:32 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C13C95.96DE76C0"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C13C95.96DE76C0
Content-Type: text/plain;
charset="iso-8859-7"
Content-Transfer-Encoding: quoted-printable
Hi Bob, Phill,
Forgive me if this sounds a bit harsh, but I do wish that some of the
critics of the attribute certificate portion of the X.509 specification =
were
more familiar with its contents.
I have no real interest in entering into a long thread on this topic, =
but I
have embedded some responses below (just for the sake of =
clarification).
Carlisle.
> ----------
> From: Bob Jueneman[SMTP:bjueneman@novell.com]
> Sent: Thursday, September 13, 2001 1:12 PM
> To: ietf-pkix@imc.org; pbaker@verisign.com
> Subject: RE: XACML OID tag?
>=20
> Phillip,
=20
(...some text deleted...)
> I do agree completely with your eloquent and highly descriptive =
"bogus
> with knobs on" characterization of a parallel, cross-certified =
identity
> and authorization certificate structure, with multiple trust roots =
for
> each attribute =AF such a concept is completely infeasible, and not =
worth
> even thinking about.
=20
(...more text deleted...)
> >>> "Hallam-Baker, Phillip" <pbaker@verisign.com> 09/13/01 09:37AM =
>>>
>=20
> Some responses to Bob's points and others.
=20
(...even more text deleted...)
> 3) Although SAML attribute assertions are similar to X509.v3 =
attribute
> certificates there are significant differences in the models. With
> attribute
> certificates the model is of issuing static pieces of data that have =
long
> validity intervals (days at least).=20
=20
No. The fact that a validity period is present in the certificate does =
not
mean that the interval must be long ("days at least"). A validity =
period
can obviously be for any length of time (even seconds). SAML =
assertions
also have validity periods. In both X.509 and SAML the model is =
flexible
and accommodates long-lived and short-lived ACs/assertions.
> The attribute certificates require the
> issuer to establish parallel identity and attribute certification
> hierarchies.=20
=20
No. The X.509 AC model allows (but does not require) parallel =
certification
"hierarchies" (I use quotes because there need not be a multi-level
hierarchy either; a single authority directly issuing end entity
certificates is consistent with both the model and the syntax of =
X.509).
The SAML model also allows (but does not require) parallel assertion
"hierarchies" -- the authentication authority and the attribute =
authority
may or may not be the same entity.
> The idea that end entity clients would ever implement cross
> certification is bogus.=20
=20
What do you mean by "implement"? By definition, end entities never =
actually
cross-certify (only authorities do that), so perhaps you simply mean =
that
end entities should never have to understand cross-certification. If =
so,
fair enough. But, like SAML, nothing in X.509 forces end entities to
understand cross-certification. The authorities in both models can
cross-certify or not (depending on the trust model in use in a given
environment), but the existence of protocols such as OCSP and SCVP are =
proof
enough that path validation (including cross-certification, if present) =
can
be delegated to a third party, freeing the end entity from the need to
understand any of these details.
> The idea that end entities are going to implement a
> functioning bifurcated authentication and attribute cross certified
> heterarchy with separate roots of trust is bogus with knobs on.
=20
See my previous response (with knobs on). The presence of
cross-certification (either on the identity side or the =
attribute/privilege
side) depends on the choice of trust model. However, this can be
independent from whether or not end entities understand such details =
and are
able to properly process such chains.
> 4) For the specific SAML uses of attribute assertions it is the PDP =
that
> performs the attribute processing and not the enforcement point (i.e. =
the
> device hooking into the system). The important upshot of this is that =
it
> is
> not necessary to standardize implementation of policy languages in =
the end
> entity devices.
=20
X.509 ACs can be implemented using exactly the same model. I don't
understand you point here.
> 5) SAML does not provide the status management functions of X.509 but =
the
> SAML framework may be readilly extended to support them, not least =
because
> XTASS, the original assertion framework on which SAML is based =
supported
> an
> assertion status mechanism (tier 4).
>=20
> If an attribute statement is simply a statement about a subject the
> chances
> are that a realtime OCSP type system will be much more satisfactory =
than a
> static certificate based system.=20
>=20
Note that "realtime OCSP" systems today are built specifically around =
the
concept of a "static certificate-based system". OCSP doesn't replace
certificates; it replaces CRLs (at least from the end entity's point of
view). I don't understand your sentence here.
> The number of accesses within the validity
> interval, the sparseness of the data, etc. is simply to small to make
> certificate issue worthwhile.=20
=20
Fine -- as long as something else is there to provide the integrity and
authenticity. Relying on the existence (and use!) of underlying secure
transport can be risky. There's no guarantee that it's there, and if =
it is
there, there's no guarantee that applications will actually use it
correctly. So, X.509 took the safer route and mandated certificates =
(i.e.,
authority signatures over the payload) for its identity and privilege
information. SAML (so far) has made this optional and compensated by =
saying
that the potential risks will be discussed in the Bindings or Security
Considerations sections. Maybe this will turn out to be far-sighted =
and
wise, but maybe it will just come back to bite us. Who knows?
The bottom line is that there is almost no difference (especially in =
overall
model) between an X.509 attribute certificate and a SAML attribute
assertion. The way they are used, the requirements on the end entity, =
the
presence or absence of cross-certification, etc., can all be identical =
in
any given environment or deployment. X.509 is perhaps more general in =
that
its syntax and descriptive text explicitly discuss how delegation and
cross-certification can be accomplished, but these are no more mandated =
in
X.509 than they are in SAML.
Carlisle.
------_=_NextPart_001_01C13C95.96DE76C0
Content-Type: text/html;
charset="iso-8859-7"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-7">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2652.35">
<TITLE>RE: XACML OID tag?</TITLE>
</HEAD>
<BODY>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">Hi Bob, =
Phill,</FONT>
</P>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">Forgive me =
if this sounds a bit harsh, but I do wish that some of the critics of =
the attribute certificate portion of the X.509 specification were more =
familiar with its contents.</FONT></P>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">I have no =
real interest in entering into a long thread on this topic, but I have =
embedded some responses below (just for the sake of =
clarification).</FONT></P>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New =
Roman">Carlisle.</FONT>
</P>
<BR>
<UL>
<P><FONT SIZE=3D2 FACE=3D"MS Sans Serif">----------</FONT>
<BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">From:</FONT></B> =
<FONT SIZE=3D2 FACE=3D"MS Sans Serif">Bob =
Jueneman[SMTP:bjueneman@novell.com]</FONT>
<BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">Sent:</FONT></B> =
<FONT SIZE=3D2 FACE=3D"MS Sans Serif">Thursday, September 13, 2001 1:12 =
PM</FONT>
<BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">To:</FONT></B> =
<FONT SIZE=3D2 FACE=3D"MS Sans =
Serif">ietf-pkix@imc.org; pbaker@verisign.com</FONT>
<BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">Subject:</FONT></B> =
<FONT SIZE=3D2 FACE=3D"MS Sans =
Serif">RE: XACML OID tag?</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">Phillip,</FONT>
</UL>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New =
Roman"> </FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">(...some =
text deleted...)</FONT>
</P>
<UL>
<P><FONT SIZE=3D2 FACE=3D"Arial">I do agree completely with your =
eloquent and highly descriptive "bogus with knobs on" =
characterization of a parallel, cross-certified identity and =
authorization certificate structure, with multiple trust roots for each =
attribute =AF such a concept is completely infeasible, and not worth =
even thinking about.</FONT></P>
</UL>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New =
Roman"> </FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">(...more =
text deleted...)</FONT>
</P>
<BR>
<UL>
<P><FONT SIZE=3D2 FACE=3D"Arial">>>> "Hallam-Baker, =
Phillip" <pbaker@verisign.com> 09/13/01 09:37AM =
>>></FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">Some responses to Bob's points and =
others.</FONT>
</UL>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New =
Roman"> </FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">(...even =
more text deleted...)</FONT>
</P>
<UL>
<P><FONT SIZE=3D2 FACE=3D"Arial">3) Although SAML attribute assertions =
are similar to X509.v3 attribute</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">certificates there are significant =
differences in the models. With attribute</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">certificates the model is of issuing =
static pieces of data that have long</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">validity intervals (days at least). =
</FONT>
</UL>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New =
Roman"> </FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">No. =
The fact that a validity period is present in the certificate does not =
mean that the interval must be long ("days at least"). =
A validity period can obviously be for any length of time (even =
seconds). SAML assertions also have validity periods. In =
both X.509 and SAML the model is flexible and accommodates long-lived =
and short-lived ACs/assertions.</FONT></P>
<UL>
<P><FONT SIZE=3D2 FACE=3D"Arial">The attribute certificates require =
the</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">issuer to establish parallel identity =
and attribute certification</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">hierarchies. </FONT>
</UL>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New =
Roman"> </FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">No. =
The X.509 AC model allows (but does not require) parallel certification =
"hierarchies" (I use quotes because there need not be a =
multi-level hierarchy either; a single authority directly issuing end =
entity certificates is consistent with both the model and the syntax of =
X.509). The SAML model also allows (but does not require) =
parallel assertion "hierarchies" -- the authentication =
authority and the attribute authority may or may not be the same =
entity.</FONT></P>
<UL>
<P><FONT SIZE=3D2 FACE=3D"Arial">The idea that end entity clients would =
ever implement cross</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">certification is bogus. </FONT>
</UL>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New =
Roman"> </FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">What do =
you mean by "implement"? By definition, end entities =
never actually cross-certify (only authorities do that), so perhaps you =
simply mean that end entities should never have to understand =
cross-certification. If so, fair enough. But, like SAML, =
nothing in X.509 forces end entities to understand =
cross-certification. The authorities in both models can =
cross-certify or not (depending on the trust model in use in a given =
environment), but the existence of protocols such as OCSP and SCVP are =
proof enough that path validation (including cross-certification, if =
present) can be delegated to a third party, freeing the end entity from =
the need to understand any of these details.</FONT></P>
<UL>
<P><FONT SIZE=3D2 FACE=3D"Arial">The idea that end entities are going =
to implement a</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">functioning bifurcated authentication =
and attribute cross certified</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">heterarchy with separate roots of =
trust is bogus with knobs on.</FONT>
</UL>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New =
Roman"> </FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">See my =
previous response (with knobs on). The presence of =
cross-certification (either on the identity side or the =
attribute/privilege side) depends on the choice of trust model. =
However, this can be independent from whether or not end entities =
understand such details and are able to properly process such =
chains.</FONT></P>
<UL>
<P><FONT SIZE=3D2 FACE=3D"Arial">4) For the specific SAML uses of =
attribute assertions it is the PDP that</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">performs the attribute processing and =
not the enforcement point (i.e. the</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">device hooking into the system). The =
important upshot of this is that it is</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">not necessary to standardize =
implementation of policy languages in the end</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">entity devices.</FONT>
</UL>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New =
Roman"> </FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">X.509 ACs =
can be implemented using exactly the same model. I don't =
understand you point here.</FONT>
</P>
<UL>
<P><FONT SIZE=3D2 FACE=3D"Arial">5) SAML does not provide the status =
management functions of X.509 but the</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">SAML framework may be readilly =
extended to support them, not least because</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">XTASS, the original assertion =
framework on which SAML is based supported an</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">assertion status mechanism (tier =
4).</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">If an attribute statement is simply a =
statement about a subject the chances</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">are that a realtime OCSP type system =
will be much more satisfactory than a</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">static certificate based system. =
</FONT>
</P>
</UL>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">Note that =
"realtime OCSP" systems today are built specifically around =
the concept of a "static certificate-based system". =
OCSP doesn't replace certificates; it replaces CRLs (at least from the =
end entity's point of view). I don't understand your sentence =
here.</FONT></P>
<UL>
<P><FONT SIZE=3D2 FACE=3D"Arial">The number of accesses within the =
validity</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">interval, the sparseness of the data, =
etc. is simply to small to make</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">certificate issue worthwhile. </FONT>
</UL>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New =
Roman"> </FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">Fine -- =
as long as something else is there to provide the integrity and =
authenticity. Relying on the existence (and use!) of underlying =
secure transport can be risky. There's no guarantee that it's =
there, and if it is there, there's no guarantee that applications will =
actually use it correctly. So, X.509 took the safer route and =
mandated certificates (i.e., authority signatures over the payload) for =
its identity and privilege information. SAML (so far) has made =
this optional and compensated by saying that the potential risks will =
be discussed in the Bindings or Security Considerations sections. =
Maybe this will turn out to be far-sighted and wise, but maybe it will =
just come back to bite us. Who knows?</FONT></P>
<BR>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">The bottom =
line is that there is almost no difference (especially in overall =
model) between an X.509 attribute certificate and a SAML attribute =
assertion. The way they are used, the requirements on the end =
entity, the presence or absence of cross-certification, etc., can all =
be identical in any given environment or deployment. X.509 is =
perhaps more general in that its syntax and descriptive text explicitly =
discuss how delegation and cross-certification can be accomplished, but =
these are no more mandated in X.509 than they are in SAML.</FONT></P>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New =
Roman">Carlisle.</FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C13C95.96DE76C0--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8DKi1x10275 for ietf-pkix-bks; Thu, 13 Sep 2001 13:44:01 -0700 (PDT)
Received: from johnson.mail.mindspring.net (johnson.mail.mindspring.net [207.69.200.177]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DKhxD10271 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 13:43:59 -0700 (PDT)
Received: from ASN-1.com (user-2ivf7lj.dialup.mindspring.com [165.247.158.179]) by johnson.mail.mindspring.net (8.9.3/8.8.5) with ESMTP id QAA25130; Thu, 13 Sep 2001 16:43:53 -0400 (EDT)
Message-ID: <3BA11A10.C5ADDE48@ASN-1.com>
Date: Thu, 13 Sep 2001 16:41:52 -0400
From: Phil Griffin <phil.griffin@asn-1.com>
Organization: Griffin Consulting
X-Mailer: Mozilla 4.73 [en]C-{C-UDP; EBM-SONY1} (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Denis Pinkas <Denis.Pinkas@bull.net>
CC: pkix <ietf-pkix@imc.org>, Mike Myers <myers@coastside.net>
Subject: Re: Clarification request on RFC 2560
References: <3BA0885A.EC5A3AB4@bull.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Denis Pinkas wrote:
>
> In RFC 2560 section 4.2.1 (OCSP Response), we have
>
> BasicOCSPResponse ::= SEQUENCE {
> tbsResponseData ResponseData,
> signatureAlgorithm AlgorithmIdentifier,
> signature BIT STRING,
> certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
>
> Usually every ASN1 field is explained, but in that document the certs field
> is not explained.
>
> Should that optional field be interpreted to carry a sequence of possibly
> useful certificates ?
>
> Denis
That might be nice, but the big defect in this
ASN.1 is that there are two more or less "optional"
cases. One is when there are zero values of type
Certificate, and the other when the OPTIONAL "certs"
component is absent.
This could be fixed by defining or importing a type
Certificates ::= SEQUENCE SIZE(1..MAX) OF Certificate
and changing the definition of type BasicOCSPResponse
to
BasicOCSPResponse ::= SEQUENCE {
tbsResponseData ResponseData,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT Certificates OPTIONAL
}
This would also provide better semantic meaning when a
value of type "BasicOCSPResponse" was defined in a user
application using the new ASN.1 XML Value Notation.
Phil Griffin
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8DJxJ109470 for ietf-pkix-bks; Thu, 13 Sep 2001 12:59:19 -0700 (PDT)
Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.50.20]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DJxID09466 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 12:59:18 -0700 (PDT)
Received: from stingray.missi.ncsc.mil (root@localhost) by stingray.missi.ncsc.mil with ESMTP id f8DJttc08696 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 15:55:55 -0400 (EDT)
Message-ID: <200109131955.f8DJts708692@stingray.missi.ncsc.mil>
Date: Thu, 13 Sep 2001 15:53:03 -0400
From: "David P. Kemp" <dpkemp@missi.ncsc.mil>
X-Mailer: Mozilla 4.77 [en] (X11; U; SunOS 5.7 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: IETF-PKIX <ietf-pkix@imc.org>
Subject: Re: Removing expired certificates from CRLs.....
References: <EOEGJNFMMIBDKGFONJJDCEPKCEAA.myers@coastside.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-H-S-Loop-Check-Ejzfr:
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Mike,
To understand the broad assumptions more clearly, can you clarify the
distinction you see between "periodic" information and "on-demand class
timeliness" information?
An RFC 2560 OCSP response contains a "producedAt" field. Is there any
specific time beyond which a consumer should consider an OCSP response
produced at a certain time to be stale or potentially replayed?
1. If not, what prevents the consumer from relying on out-of-date
"on-demand class" information? Why would that prevention mechanism
not be equally applicable to CRLs that were produced immediately upon
each update to the revocation database?
2. If there is a specific timeliness requirement, why would periodic
CRLs generated more frequently than the requirement not be considered
to have "on-demand class timeliness"?
In other words, there are three possible signing strategies:
timer based (periodic), revocation event based, and query based.
There are two response data structures: CRL and OCSP.
Each of the two data structures can be generated using each of
the three signing strategies.
If you have some particular system-level issues, they would seem
to be more related to the choice of signing strategy than
the choice of data structure. For any meaning of "on-demand", and
for every choice of partition size (number of in-scope certificates
per response), a CRL can be as timely as, and is definitely much
smaller than, the equivalent OCSP request and response. What issues
do you see that could not be solved most efficiently by using CRLs
in a manner different from the traditional infrequent-update,
big-partition mode?
Dave
Michael Myers wrote:
>
> Denis,
>
> Thank you for your consideration of historic aspect of digital signatures.
> I'm sure more work remains to be done in this area. I for one however
> remain more concerned of our broad assumptions regarding the use of periodic
> CRLs as the basis for aperiodic OCSP-based services that deliver on-demand
> class timeliness. Several systems-level issues are under-explored in this
> context. Within closed environments there might exist data exchange
> mechanisms that are fully responsive to the security requirements CRLs
> satisfy but do so in a means that enables not only the timely inter-domain
> exchange of revocation status, but validation status as well.
>
> Mike
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8DJVvR09127 for ietf-pkix-bks; Thu, 13 Sep 2001 12:31:57 -0700 (PDT)
Received: from email.nist.gov (email.nist.gov [129.6.2.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DJVtD09123; Thu, 13 Sep 2001 12:31:55 -0700 (PDT)
Received: from cspa06.nist.gov (cspa06.ncsl.nist.gov [129.6.54.23]) by email.nist.gov (8.9.3/8.9.3) with ESMTP id PAA09954; Thu, 13 Sep 2001 15:31:56 -0400 (EDT)
Message-Id: <5.0.0.25.2.20010913151649.022c4e50@email.nist.gov>
X-Sender: chernick@email.nist.gov
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Thu, 13 Sep 2001 15:30:38 -0400
To: ietf-smime@imc.org, ietf-pkix@imc.org
From: Michael Chernick <chernick@nist.gov>
Subject: Reminder - Draft NIST S/MIME Profile - Comment Period Ends Soon
Cc: chernick@nist.gov, Tim.Polk@nist.gov
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="=====================_1829360==_.ALT"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
--=====================_1829360==_.ALT
Content-Type: text/plain; charset="us-ascii"; format=flowed
A Reminder.
At the SMIME session at the London IETF meeting, it was suggested that
NIST extend the deadline for comments on the Draft NIST S/MIME V3 Client
Profile. Also, it was suggested that this notice be sent to the PKIX list
as well as the SMIME list. The deadline for comments was extended
until 17 September 2001. THIS DATE IS FAST APPROACHING.
(NEXT WEEK.)
Thanks,
Mike Chernick
Here's the original announcement sent out
by Tim Polk on Monday, 2 July 2001 to the SMIME list.
---------Original Message Sent by Tim Polk to SMIME List on 2 July---------
FYI,
I have attached below the announcement for a recently released NIST draft
document concerning S/MIME V3. The document is intended to define an
appropriate subset of the S/MIME standards for broad application in the U.S.
Federal Government. NIST will be supporting this document through the
development of an automated conformance testing tool. We hope the deployment
of this tool will ease the development of conformant S/MIME V3 clients!
We are very interested in comments from both developers and the user
community. Please take the time to review the draft profile and NIST's plans
for the automated testing facility. We would appreciate comments on the
profile by 17 August 2001 (now extended to 17 September). Please send
comments to Mike Chernick (NIST's S/MIME project leader) at
<chernick@nist.gov>.
BTW, Mike will be presenting an overview of this project in the S/MIME WG
during the London IETF meeting. Both Mike and I will be there all week, and
will be available to discuss this project.
Thanks!
Tim Polk
----------------------
The U.S. National Institute of Standards and Technology (NIST) has recently
released a draft S/MIME V3 Client Profile. This profile was produced as
guidance in the development and procurement of commercial-off-the-shelf (COTS)
S/MIME-compliant products. This profile document identifies requirements for a
secure and interoperable S/MIME V3 client implementation. The profile cites
requirements for sending and receiving both signed and encrypted messages, as
well as requirements for signed receipt processing.
Although the S/MIME specifications were designed to promote interoperable
secure electronic mail, implementations may support different optional
services
and the specifications may unintentionally allow multiple interpretations.
As a
result, different implementations of S/MIME may not be fully interoperable or
provide the desired level of security. Conformance to this proposed profile
will help to assure that S/MIME implementations will be able to interoperate
and provide reasonable security assurance to users.
The Draft Profile is available (in PDF format) for public comment at:
http://csrc.ncsl.nist.gov/pki/smime/draft_SMIMEProfile.pdf
Comments are requested by (**was 17 August 2001**) *****NOW EXTENDED TO
17 September 2001***** and should be sent to chernick@nist.gov.
NIST is developing tests and testing tools to determine the level of
conformance of an S/MIME V3 client implementation with this profile. It is
planned that within the next several months, NIST will have a remote testing
facility on-line which will allow S/MIME V3 messages to be sent to the NIST
test site for processing to determine if the remotely generated messages
conform to the profile. In addition, messages may be sent to the test site to
cause the NIST site to emit S/MIME V3 messages so that a remote system may
receive S/MIME V3 messages, and verify that remote system can process the
messages correctly.
Further information on the NIST S/MIME Program may be obtained at
http://csrc.ncsl.nist.gov/pki/smime/welcome.htm or by
contacting Michael Chernick at <chernick@nist.gov>.
----------------------------------------------------------------------------------
C. Michael Chernick
+1-301-975-3610 chernick@nist.gov
Computer Security Division
National Institute of Standards and Technology (NIST)
----------------------------------------------------------------------------------
--=====================_1829360==_.ALT
Content-Type: text/html; charset="us-ascii"
<html>
A Reminder.<br>
<br>
At the SMIME session at the London IETF meeting, it was suggested that
<br>
NIST extend the deadline for comments on the Draft NIST S/MIME V3 Client
<br>
Profile. Also, it was suggested that this notice be sent to the
PKIX list <br>
as well as the SMIME list. The deadline for comments was extended <br>
until 17 September 2001. THIS DATE IS FAST APPROACHING.
<br>
(NEXT WEEK.)<br>
<br>
Thanks, <br>
Mike Chernick<br>
<br>
<br>
Here's the original announcement sent out <br>
by Tim Polk on Monday, 2 July 2001 to the SMIME list. <br>
<br>
---------Original Message Sent by Tim Polk to SMIME List on 2
July--------- <br>
FYI,<br>
<br>
I have attached below the announcement for a recently released NIST draft
<br>
document concerning S/MIME V3. The document is intended to define an
<br>
appropriate subset of the S/MIME standards for broad application in the
U.S. <br>
Federal Government. NIST will be supporting this document through the
<br>
development of an automated conformance testing tool. We hope the
deployment <br>
of this tool will ease the development of conformant S/MIME V3
clients!<br>
<br>
We are very interested in comments from both developers and the user
<br>
community. Please take the time to review the draft profile and NIST's
plans <br>
for the automated testing facility. We would appreciate comments on the
<br>
profile by 17 August 2001 (now extended to 17 September). Please send
<br>
comments to Mike Chernick (NIST's S/MIME project leader) at
<chernick@nist.gov>.<br>
<br>
BTW, Mike will be presenting an overview of this project in the S/MIME WG
<br>
during the London IETF meeting. Both Mike and I will be there all week,
and <br>
will be available to discuss this project.<br>
<br>
Thanks!<br>
<br>
Tim Polk<br>
<br>
----------------------<br>
The U.S. National Institute of Standards and Technology (NIST) has
recently <br>
released a draft S/MIME V3 Client Profile. This profile was produced as
<br>
guidance in the development and procurement of commercial-off-the-shelf
(COTS) <br>
S/MIME-compliant products. This profile document identifies requirements
for a <br>
secure and interoperable S/MIME V3 client implementation. The profile
cites <br>
requirements for sending and receiving both signed and encrypted
messages, as <br>
well as requirements for signed receipt processing.<br>
<br>
Although the S/MIME specifications were designed to promote interoperable
<br>
secure electronic mail, implementations may support different optional
services <br>
and the specifications may unintentionally allow multiple
interpretations. As a <br>
result, different implementations of S/MIME may not be fully
interoperable or <br>
provide the desired level of security. Conformance to this proposed
profile <br>
will help to assure that S/MIME implementations will be able to
interoperate <br>
and provide reasonable security assurance to users.<br>
<br>
The Draft Profile is available (in PDF format) for public comment at:
<br>
<font color="#0000FF"><u><a href="http://csrc.ncsl.nist.gov/pki/smime/draft_SMIMEProfile.pdf" eudora="autourl">http://csrc.ncsl.nist.gov/pki/smime/draft_SMIMEProfile.</a><a href="http://csrc.ncsl.nist.gov/pki/smime/draft_SMIMEProfile.pdf" eudora="autourl">pdf<br>
<br>
</a></u></font>Comments are requested by (**was 17 August 2001**)
*****NOW EXTENDED TO <br>
17 September 2001***** and should be sent to chernick@nist.gov.<br>
<br>
NIST is developing tests and testing tools to determine the level of
<br>
conformance of an S/MIME V3 client implementation with this profile. It
is <br>
planned that within the next several months, NIST will have a remote
testing <br>
facility on-line which will allow S/MIME V3 messages to be sent to the
NIST <br>
test site for processing to determine if the remotely generated messages
<br>
conform to the profile. In addition, messages may be sent to the test
site to <br>
cause the NIST site to emit S/MIME V3 messages so that a remote system
may <br>
receive S/MIME V3 messages, and verify that remote system can process the
<br>
messages correctly.<br>
<br>
Further information on the NIST S/MIME Program may be obtained at <br>
<font color="#0000FF"><u><a href="http://csrc.ncsl.nist.gov/pki/smime/welcome.htm" eudora="autourl">http://csrc.ncsl.nist.gov/pki/smime/welcome.</a><a href="http://csrc.ncsl.nist.gov/pki/smime/welcome.htm" eudora="autourl">htm</a></u></font>
or by <br>
contacting Michael Chernick at <chernick@nist.gov>.<br>
<br>
<x-sigsep><p></x-sigsep>
----------------------------------------------------------------------------------<br>
C. Michael Chernick<br>
+1-301-975-3610 chernick@nist.gov<br>
Computer Security Division <br>
National Institute of Standards and Technology (NIST)<br>
----------------------------------------------------------------------------------<br>
<br>
</html>
--=====================_1829360==_.ALT--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8DIREH07832 for ietf-pkix-bks; Thu, 13 Sep 2001 11:27:14 -0700 (PDT)
Received: from geos.coastside.net (geos.coastside.net [207.213.212.4]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DIRDD07828 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 11:27:13 -0700 (PDT)
Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by geos.coastside.net (8.11.0/8.11.3) with SMTP id f8DIR6Q27229; Thu, 13 Sep 2001 11:27:06 -0700 (PDT)
From: "Michael Myers" <myers@coastside.net>
To: "Denis Pinkas" <Denis.Pinkas@bull.net>
Cc: "IETF-PKIX" <ietf-pkix@imc.org>
Subject: RE: Removing expired certificates from CRLs.....
Date: Thu, 13 Sep 2001 11:25:44 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDCEPKCEAA.myers@coastside.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
In-Reply-To: <3BA06EAE.567922A1@bull.net>
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Denis,
Thank you for your consideration of historic aspect of digital signatures.
I'm sure more work remains to be done in this area. I for one however
remain more concerned of our broad assumptions regarding the use of periodic
CRLs as the basis for aperiodic OCSP-based services that deliver on-demand
class timeliness. Several systems-level issues are under-explored in this
context. Within closed environments there might exist data exchange
mechanisms that are fully responsive to the security requirements CRLs
satisfy but do so in a means that enables not only the timely inter-domain
exchange of revocation status, but validation status as well.
Mike
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas
> Sent: Thursday, September 13, 2001 1:31 AM
> To: Michael Myers
> Cc: IETF-PKIX
> Subject: Re: Removing expired certificates from CRLs.....
>
>
>
> Michael,
>
> > Denis,
> >
> > What are your thoughts on the timeliness characteristic between OCSP and
> > CRLs?
>
> Well ...
>
> I must admit that the definition of the archive cutofff (section
> 4.4.4) from
> RFC 2560 has always been very strange for me, since it defines a time
> interval rather then an absolute time. I read several times the text and
> could not figure out how in practice it would be used.
>
> The text talks about a retention interval without saying
> explictly to which
> event it is relative to.
>
> Is it the time interval beyond the notAfter date from a certificate ?
> The text does not say so.
>
> In addition, the text is talking, as an example, of a retention
> interval of
> 7 years (!) whereas in the context of that thread we are only talking of
> about a month.
>
> If I had to define from scratch the extension I would simply define an
> absolute date (e.g. called ExtendedRevocationInformationDate, quite a
> long name, but explicit) that could directly override the notAfter field
> from the Validity field of a certificate. This would mean that this
> extension allows to know until when the revocation information is
> maintained. It is not directly related to the produceAt time. The only
> condition is that, when it is present, it is always later than produceAt.
>
> This is a problem because, if I understand correctly RC 2560, we have the
> following equation:
>
> ArchiveCutoff = producedAt - retention interval.
>
> I do not see a clear relationship between these two concepts.
>
> Unless you see one, it would mean that an extension different from
> ArchiveCutoff would be necessary for OCSP responses so that we can have
> identical concepts for CRLs and OCSP responses.
>
> Thanks for raising the question.
>
> Denis
>
> > Mike
> >
> > Michael Myers
> > t: +415.819.1362
> > e: mailto:mike@traceroutesecurity.com
> > w: http://www.traceroutesecurity.com
> >
> > > -----Original Message-----
> > > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> > > Sent: Wednesday, September 12, 2001 12:35 AM
> > > To: Michael Myers
> > > Cc: IETF-PKIX
> > > Subject: Re: Removing expired certificates from CRLs.....
> > >
> > >
> > >
> > > > All,
> > > >
> > > > I think a unique extension creates the least impact.
> > > >
> > > > More broadly though, what's really bothering me is my sense
> that we're
> > > > backing into the notion of a 1-1 between CRLs and online status
> > > mechanisms.
> > > >
> > > > Assume an environment that both publishes CRLs and offers OCSP-based
> > > > services against the same set of certificates. What if:
> > > >
> > > > a) The CA receives a revocation request at T1;
> > > >
> > > > b) A database state variable is flipped at T1+N;
> > > >
> > > > c) An OCSP request is received at T1+N+M;
> > > >
> > > > d) An OCSP response is transmitted at T1+N+M+K;
> > > >
> > > > e) Yet the next CRL cycle won't run (i.e. the cron
> > > > job won't fire) until T1+X where X >> (N+M+K).
> > > >
> > > > Thus relying parties are enabled to pick and choose between
> CRLs or OCSP
> > > > depending on how it might benefit their argument for remedy
> > > under digital
> > > > signature laws.
> > > >
> > > > Thoughts, anyone?
> > >
> > > Some validation policies, like Signature policies are able to
> say whether
> > > CRLs or OCSP responses shall be used.
> > >
> > > As an example see: draft-ietf-smime-espolicies-01.txt
> > >
> > > EnuRevReq ::= ENUMERATED {
> > > clrCheck (0),
> > > --Checks must be made against current CRLs
> > > -- (or authority revocation lists (ARL))
> > > ocspCheck (1), -- The revocation status must be checked
> > > -- using the Online Certificate Status Protocol
> > > -- (OCSP),RFC 2450.
> > > bothCheck (2),
> > > -- Both CRL and OCSP checks must be carried out
> > > eitherCheck (3),
> > > -- At least one of CRL or OCSP checks must be
> > > -- carried out
> > > noCheck (4),
> > > -- no check is mandated
> > > other (5)
> > > -- Other mechanism as defined by signature policy
> > > -- extension
> > > }
> > >
> > > If either CRL (i.e.clrCheck) or OCSP (i.e. ocspCheck) is
> mandated, then
> > > there is no conflict between the two mechanisms.
> > >
> > > Denis
> > >
> > >
> > > > Mike
> > > >
> > > > Michael Myers
> > > > t: +415.819.1362
> > > > e: mailto:mike@traceroutesecurity.com
> > > > w: http://www.traceroutesecurity.com g
> > >
>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8DHXxa07023 for ietf-pkix-bks; Thu, 13 Sep 2001 10:33:59 -0700 (PDT)
Received: from peacock.verisign.com (peacock.verisign.com [65.205.251.73]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DHXvD07019 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 10:33:57 -0700 (PDT)
Received: from vhqpostal-gw2.verisign.com (mailer2.verisign.com [65.205.251.56]) by peacock.verisign.com (8.11.3/BCH1.7.5) with ESMTP id f8DHV6m01537; Thu, 13 Sep 2001 10:31:06 -0700 (PDT)
Received: by vhqpostal-gw2.verisign.com with Internet Mail Service (5.5.2653.19) id <R514XLZ7>; Thu, 13 Sep 2001 10:33:54 -0700
Message-ID: <2F3EC696EAEED311BB2D009027C3F4F40586975D@vhqpostal.verisign.com>
From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
To: "'Bob Jueneman'" <bjueneman@novell.com>, ietf-pkix@imc.org, "Hallam-Baker, Phillip" <pbaker@verisign.com>
Subject: RE: XACML OID tag?
Date: Thu, 13 Sep 2001 10:33:47 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C13C7A.3E615F50"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_000_01C13C7A.3E615F50
Content-Type: text/plain;
charset="iso-8859-7"
> I realize that that scenario doesn't fit the business model
> of current TTP CAs very well, and at the same time I observe
> that the do it yourself model of CA toolkits isn't selling
> very well in the marketplace either. So I don't know whether
> that model is really feasible either ? it certainly hasn't
> done all that well to date.
The key to any complex system is where you put the complexity.
The idea of XKMS and SAML is to put the complexity where it is easily
accessible for maintenance as necessary. The unfortunate side effect of the
'end to end' theology is that too much complexity got embedded into the end
points which cannot be maintained reliably on a day to day basis and once
deployed may be in service for years or decades.
To make an analogy, the XKMS approach is equivalent to putting the access
panel to the compressor on the side of the hot tub, the PKIX approach is
putting the access panel underneath it.
The disadvantage of the SAML/XKMS approach is that it lowers the barrier to
entry for the end point but transfers that cost to the infrastructure. Ten
years ago no party had the necessary capital to invest in the infrastructure
required. Today much of the physical infrastructure is a sunk cost.
To make another analogy, the first electricity companies sold package
generators to individual factories, that model was quickly replaced by the
model in which one large paower station served an entire town and the
capital and maintenance costs were distributed over many more users gaining
economies of scale.
Phill
------_=_NextPart_000_01C13C7A.3E615F50
Content-Type: application/octet-stream;
name="Phillip Hallam-Baker (E-mail).vcf"
Content-Disposition: attachment;
filename="Phillip Hallam-Baker (E-mail).vcf"
BEGIN:VCARD
VERSION:2.1
N:Hallam-Baker;Phillip
FN:Phillip Hallam-Baker (E-mail)
ORG:VeriSign
TITLE:Principal Consultant
TEL;WORK;VOICE:(781) 245-6996 x227
EMAIL;PREF;INTERNET:hallam@verisign.com
REV:20010214T163732Z
END:VCARD
------_=_NextPart_000_01C13C7A.3E615F50--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8DHAWi06515 for ietf-pkix-bks; Thu, 13 Sep 2001 10:10:32 -0700 (PDT)
Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DHATD06506 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 10:10:29 -0700 (PDT)
Received: from INET-PRV-MTA by prv-mail20.provo.novell.com with Novell_GroupWise; Thu, 13 Sep 2001 11:10:31 -0600
Message-Id: <sba09427.018@prv-mail20.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 6.0
Date: Thu, 13 Sep 2001 11:12:38 -0600
From: "Bob Jueneman" <bjueneman@novell.com>
To: <ietf-pkix@imc.org>, <pbaker@verisign.com>
Subject: RE: XACML OID tag?
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-7
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id f8DHATD06507
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Phillip,
Marshall Rose, back in the NADF days, used to have T-shirts with a picture of a pig with a wooden leg. There was a long-winded story that went with it about how marvelous this life-saving pig was, and the punch line was, "You wouldn't want to eat such a marvelous pig all at once, would you?", referring to the slow deployment of X.500.
That's sort of the way I feel about SAML and all of the X-everything alphabet soup that the standards of the month club is serving up these days (or at least promising to) ¯ I'm not sure that I want to eat that pig all at once.
I was thinking about including something like a SAML assertion (which I had incorrectly understood would be coded in XACML) within an X.509 certificate in order to at least try out some of the XML concepts and compare them to the bit-oriented MAC label approach we have described and partially implemented. Including them within an X.509 certificate might eventually end up being useful in its own right, or it might be merely a testing crutch or kludge.
I do agree completely with your eloquent and highly descriptive "bogus with knobs on" characterization of a parallel, cross-certified identity and authorization certificate structure, with multiple trust roots for each attribute ¯ such a concept is completely infeasible, and not worth even thinking about.
Having said that, that doesn't ipso facto mean that the SAML approach is necessarily better ¯ it may be or it may not be, and it may even suffer from some of the same problems. That's what I wanted to evaluate before jumping on the band wagon.
I suppose that it greatly depends on the use model that you have in mind. If you have a retail model in mind, where the user comes to one merchant (or a portal), say 4x4Tires.com, and is then redirected to BigWheels.com that sells stronger wheels for those guys that like to play in the mud, then a very limited duration attribute credential that gives the customer a 10% discount and maybe some kind of a kickback to the referring merchant is appropriate.
On the other hand, if the parts guy at JeepsRUs wants to order some wheels from Daimler-Chrysler, then it isn't at all obvious that he needs to first go to some local SAML server and then be redirected to Daimler with a 5 minute credential in hand. He could have been issued a semi-permanent certificate/credential containing the necessary entitlements by the dealer (and oh by the way an organizational person identity vouched for by the same dealer), and the dealer's certificate could have either been issued by Daimler or cross-certified by them. In either case, the duration of that certificate might well last for a year or more, and it isn't at all obvious that an real-time OCSP mechanism is necessary to validate that certificate over and over again. Cached CRLs would do just fine.
I realize that that scenario doesn't fit the business model of current TTP CAs very well, and at the same time I observe that the do it yourself model of CA toolkits isn't selling very well in the marketplace either. So I don't know whether that model is really feasible either ¯ it certainly hasn't done all that well to date.
But given the general lack of success (i.e., revenue) in this arena to date, I certainly don't want to launch yet another huge effort on the basis of "if we build it they will come" hope and hype.
I agree with the rest of your comments.
Bob
>>> "Hallam-Baker, Phillip" <pbaker@verisign.com> 09/13/01 09:37AM >>>
Some responses to Bob's points and others.
1) There is no OID and if there was I have no idea what the semantics of the
OID would be.
2) The way to link a SAML assertion to a certificate is to use the KeyInfo
element of the SubjectConfirmation field to identify the authentication
credentials of the subject to which the assertion is bound. This may be
either by the Certificate itself, by the certificate serial and issuer or by
the public key parameters.
3) Although SAML attribute assertions are similar to X509.v3 attribute
certificates there are significant differences in the models. With attribute
certificates the model is of issuing static pieces of data that have long
validity intervals (days at least). The attribute certificates require the
issuer to establish parallel identity and attribute certification
hierarchies. The idea that end entity clients would ever implement cross
certification is bogus. The idea that end entities are going to implement a
functioning bifurcated authentication and attribute cross certified
heterarchy with separate roots of trust is bogus with knobs on.
4) For the specific SAML uses of attribute assertions it is the PDP that
performs the attribute processing and not the enforcement point (i.e. the
device hooking into the system). The important upshot of this is that it is
not necessary to standardize implementation of policy languages in the end
entity devices.
5) SAML does not provide the status management functions of X.509 but the
SAML framework may be readilly extended to support them, not least because
XTASS, the original assertion framework on which SAML is based supported an
assertion status mechanism (tier 4).
If an attribute statement is simply a statement about a subject the chances
are that a realtime OCSP type system will be much more satisfactory than a
static certificate based system. The number of accesses within the validity
interval, the sparseness of the data, etc. is simply to small to make
certificate issue worthwhile.
The intended use for the tier 4 meta-assertion scheme is to manage
assertions that map to negotiable financial instruments.
6) I agree with Hal on the points he made, however remember that the SAML
working group has a very narrow scope. The assertion framework on which SAML
is based was designed as a very general purpose vehicle.
7) We examnined the use of XER encoding at length for a full 6 minutes early
in the design of XTASS/XKMS/SAML/XKASS/XTAML when it was all called TAXI
(Trust Assertion XML Infrastructure). It would be a completely worthless
exercise. There is no intrinsic value in the XML syntax over the X.509 great
enough to outweigh the fact that there is a massive X.509v3/BER installed
base. There is no value therefore in introducing a new PKI syntax unless the
semantics are also changed to allow uses that were not possible before.
8) The idea of canonicalization is broken. It was broken in DER it is still
broken in XML Signature. If you want to be able to check signatures put the
responsibility on the infrastructure not to mess with the bits. The minute
you try to support applications that slightly mangle data you lose big. The
ability to burst a certificate into components and put it in a directory
*and then delete the original* is bogus, was bogus and will remain bogus.
If digital signatures had been implemented in the very first email systems
then gateways would never have got into the idiotic charater set and line
wrapping transformations that break so many messages. That task should
always have been performed by the end client. The reason IP works and many
competitors do not, is that unlike other schemes IP does not mangle the
contents of each packet in transit.
9) If you really wanted to you could use X.509 as a signature envelope for
SAML assertions instead of XML DigSig (which is by the way a joint IETF-W3C
WG). But CMS would appear to be a much easier and simpler solution.
Alternatively you could profile XML-Dig sig, use the minimal c14n etc. to
make implementation trivial.
Phill
Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8DFbnJ00955 for ietf-pkix-bks; Thu, 13 Sep 2001 08:37:49 -0700 (PDT)
Received: from peacock.verisign.com (peacock.verisign.com [65.205.251.73]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DFblD00950 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 08:37:47 -0700 (PDT)
Received: from vhqpostal-gw1.verisign.com (mailer1.verisign.com [65.205.251.55]) by peacock.verisign.com (8.11.3/BCH1.7.5) with ESMTP id f8DFZ3m20066; Thu, 13 Sep 2001 08:35:03 -0700 (PDT)
Received: by vhqpostal-gw1.verisign.com with Internet Mail Service (5.5.2653.19) id <R5GBCGNK>; Thu, 13 Sep 2001 08:37:50 -0700
Message-ID: <2F3EC696EAEED311BB2D009027C3F4F40586975C@vhqpostal.verisign.com>
From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
To: "'Bob Jueneman'" <bjueneman@novell.com>, ietf-pkix@imc.org
Subject: RE: XACML OID tag?
Date: Thu, 13 Sep 2001 08:37:48 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C13C6A.0A68E110"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_000_01C13C6A.0A68E110
Content-Type: text/plain;
charset="iso-8859-7"
Some responses to Bob's points and others.
1) There is no OID and if there was I have no idea what the semantics of the
OID would be.
2) The way to link a SAML assertion to a certificate is to use the KeyInfo
element of the SubjectConfirmation field to identify the authentication
credentials of the subject to which the assertion is bound. This may be
either by the Certificate itself, by the certificate serial and issuer or by
the public key parameters.
3) Although SAML attribute assertions are similar to X509.v3 attribute
certificates there are significant differences in the models. With attribute
certificates the model is of issuing static pieces of data that have long
validity intervals (days at least). The attribute certificates require the
issuer to establish parallel identity and attribute certification
hierarchies. The idea that end entity clients would ever implement cross
certification is bogus. The idea that end entities are going to implement a
functioning bifurcated authentication and attribute cross certified
heterarchy with separate roots of trust is bogus with knobs on.
4) For the specific SAML uses of attribute assertions it is the PDP that
performs the attribute processing and not the enforcement point (i.e. the
device hooking into the system). The important upshot of this is that it is
not necessary to standardize implementation of policy languages in the end
entity devices.
5) SAML does not provide the status management functions of X.509 but the
SAML framework may be readilly extended to support them, not least because
XTASS, the original assertion framework on which SAML is based supported an
assertion status mechanism (tier 4).
If an attribute statement is simply a statement about a subject the chances
are that a realtime OCSP type system will be much more satisfactory than a
static certificate based system. The number of accesses within the validity
interval, the sparseness of the data, etc. is simply to small to make
certificate issue worthwhile.
The intended use for the tier 4 meta-assertion scheme is to manage
assertions that map to negotiable financial instruments.
6) I agree with Hal on the points he made, however remember that the SAML
working group has a very narrow scope. The assertion framework on which SAML
is based was designed as a very general purpose vehicle.
7) We examnined the use of XER encoding at length for a full 6 minutes early
in the design of XTASS/XKMS/SAML/XKASS/XTAML when it was all called TAXI
(Trust Assertion XML Infrastructure). It would be a completely worthless
exercise. There is no intrinsic value in the XML syntax over the X.509 great
enough to outweigh the fact that there is a massive X.509v3/BER installed
base. There is no value therefore in introducing a new PKI syntax unless the
semantics are also changed to allow uses that were not possible before.
8) The idea of canonicalization is broken. It was broken in DER it is still
broken in XML Signature. If you want to be able to check signatures put the
responsibility on the infrastructure not to mess with the bits. The minute
you try to support applications that slightly mangle data you lose big. The
ability to burst a certificate into components and put it in a directory
*and then delete the original* is bogus, was bogus and will remain bogus.
If digital signatures had been implemented in the very first email systems
then gateways would never have got into the idiotic charater set and line
wrapping transformations that break so many messages. That task should
always have been performed by the end client. The reason IP works and many
competitors do not, is that unlike other schemes IP does not mangle the
contents of each packet in transit.
9) If you really wanted to you could use X.509 as a signature envelope for
SAML assertions instead of XML DigSig (which is by the way a joint IETF-W3C
WG). But CMS would appear to be a much easier and simpler solution.
Alternatively you could profile XML-Dig sig, use the minimal c14n etc. to
make implementation trivial.
Phill
Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227
------_=_NextPart_000_01C13C6A.0A68E110
Content-Type: application/octet-stream;
name="Phillip Hallam-Baker (E-mail).vcf"
Content-Disposition: attachment;
filename="Phillip Hallam-Baker (E-mail).vcf"
BEGIN:VCARD
VERSION:2.1
N:Hallam-Baker;Phillip
FN:Phillip Hallam-Baker (E-mail)
ORG:VeriSign
TITLE:Principal Consultant
TEL;WORK;VOICE:(781) 245-6996 x227
EMAIL;PREF;INTERNET:hallam@verisign.com
REV:20010214T163732Z
END:VCARD
------_=_NextPart_000_01C13C6A.0A68E110--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8DFPuA00738 for ietf-pkix-bks; Thu, 13 Sep 2001 08:25:56 -0700 (PDT)
Received: from michael.checkpoint.com (michael.checkpoint.com [199.203.73.68]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DFPsD00734 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 08:25:55 -0700 (PDT)
Received: from earl (localhost [127.0.0.1]) by michael.checkpoint.com (8.9.3/8.9.1) with SMTP id RAA15954; Thu, 13 Sep 2001 17:25:15 +0200 (IST)
From: "Avi Gozlan" <avi@checkpoint.com>
To: <jimsch@exmsft.com>, <ietf-pkix@imc.org>
Subject: RE: CMC issue - CA identification
Date: Thu, 13 Sep 2001 18:28:41 +0300
Message-ID: <007901c13c68$c5537190$148d96d4@checkpoint.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
In-Reply-To: <000401c13bea$57328800$0c00a8c0@soaringhawk.net>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Jim,
What I would like, is to let the CMC client automatically identify the
self-signed certificate and thus eliminate the manual approval required for
the same purpose.
This operation is suggested to occur as part of the response, to replace the
manual action that sometimes can be done only afterwards, when the chain
with the self-signed certificate arrives in the response.
In the case of RA the same method is used. The RA takes the same buffer of
self-signed certificate as the value to be validated. We need here two
things:
1. Verify that the server, may it be the CA or RA, knows the shared secret.
This may be achieved by creating the HMAC-SHA1 of any agreed upon buffer.
2. Approve the self-signed certificate.
These needs are both achieved by the suggested way.
Avi
-----Original Message-----
From: Jim Schaad [mailto:jimsch@nwlink.com]
Sent: Thursday, September 13, 2001 3:24 AM
To: 'Avi Gozlan'; ietf-pkix@imc.org
Subject: RE: CMC issue - CA identification
Avi,
Based on the discussion below, I am going to assume that the reason you
want to give the CA the ablitiy to prove it's identity is so that it can
successfully distribute a "Trust Anchor". Are you suggesting that this
occur before the client sends a certificate request to the CA or that it
be part of the response?
Also how do you think that the identify proof would need to be changed
so that an RA rather than a CA could prove it's identity?
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Avi Gozlan
> Sent: Tuesday, September 11, 2001 12:33 AM
> To: ietf-pkix@imc.org
> Subject: CMC issue - CA identification
>
>
>
> Hello,
>
> CMC supplies the identityProof mechanism, by which a CA can
> immidiately and
> automatically identify a CMC client. However, there are no
> means by which
> the CA identifies itself to the CMC client. According to
> section 4.4 of RFC
> 2797, clients must explicitly approve trust of the included
> self-signed
> certificate.
>
> In the cases where the identityProof machanism is used the
> end entity and
> the CA share a secret. The secret can be used to authenticate
> the reply as
> well as the request.
>
> Following is a proposal that utilizes this mechanism in the reply.
>
> This way of authentication has some advantages:
> - Same strength of authentication on the client side as on the CA side
> - More secure - users are not always familiar with approving
> a CA or its
> fingerprint
> - Easier to use, no user intervention is required for CA
> identification
>
> Is it possible that such an automatic identification proof
> will be added to
> CMC (or descendant)?
>
> Here is the proposal:
>
> 1. The buffer of the self-signed certificate in the
> "certificate" portion of
> the signedData is the value to be validated
> 2. A SHA1 hash of the token is computed.
> 3. An HMAC-SHA1 value is then computed over the value
> produced in Step 1,
> using the hash of the token from Step 2 as the shared secret value
> 4. The 160-bit-HMAC-SHA1 result from Step 3 is then encoded
> as the value of
> the identityProof attribute.
>
> When the client verifies the identityProof attribute, it extracts the
> self-signed certificate from the chain included in the
> "certificate" portion
> of the signedData. It then computes the HMAC-SHA1 value in
> the same way and
> compares it to the identityProof attribute contained in the enrollment
> request.
>
> Thanks,
>
> Avi Gozlan
> PKI team
> Check Point Software Technologies LTD.
>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8DESm227377 for ietf-pkix-bks; Thu, 13 Sep 2001 07:28:48 -0700 (PDT)
Received: from omicron.at (gw.omicron.at [212.183.10.29]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DESlD27370 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 07:28:47 -0700 (PDT)
Received: by gw.omicron.at id <29577>; Thu, 13 Sep 2001 16:29:44 +0200
Message-Id: <01Sep13.162944gmt+0200.29577@gw.omicron.at>
From: Cristian Marinescu <cristian.marinescu@omicron.at>
To: libel@paris.md
Cc: ietf-pkix@imc.org
Subject: RE: Question about TSP (rfc 3161)
Date: Thu, 13 Sep 2001 16:27:30 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1460.8)
Content-Type: text/plain; charset="windows-1252"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I agree, there is in practice (at least for the moment,
when everyone is trying to put a TSA together, more or less
draft compliant), no reason for having such flags.
But, it is also not stupid.
Let's imagine that some day the TSP will be really used
by everyone. :) Hard to imagine, but let's try.
This will rise the problem of DOS attack, and some
people, (as I have done myself) will implement the TSA
and limit the number of parallel requests (and let's understand
by this the number of spawn processes, or threads) to a fix number. So
they will
just return an error back. This is actually not a nice thing
to do. And I presume, people there, writing the draft,
tried to be nice: well, if I get a request, but,
I don't have time to give a response right away, because
I am busy, let's store the request and tell the person to try
again sometimes later.
Perhaps there is also the possibility
that your clock is at that moment not available, (I would
like to believe that there will be TSA's out there that won't read
the time from the local system, like I do at the moment...) or maybe
some
other resource... how could I know?? :)
In any case you have to take cautions about the overflooding with
requests (or even pending requests, that havn't been answered yet)
Well, at least this is the reason I can imagine. Perhaps
there are also some other (dark!) reasons, but I would like
to hear/read about them from the TSP gurus. :))
Kindly regards,
Cristian
> -----Original Message-----
> From: libel@paris.md [mailto:libel@paris.md]
> Sent: Mittwoch, 12. September 2001 10:19
> To: ietf-pkix@imc.org
> Subject: Question about TSP (rfc 3161)
>
>
>
> Hi,
>
>
> I would like to know what are the reasons for introducing the
> flags "pollReq",
> "pollResp" and "negPollRep" in the socket based protocol
> (section 3.3).
>
>
> It would mean that a tsa server can divide the der code he
> calculated for the
> response. But why would it do that?
>
>
> Thanks
>
>
> Libel
>
>
> --
> Get your firstname@lastname email for FREE at
http://Nameplanet.com/?su
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.0.2i
iQA/AwUBO6C0P8V5iyNCxCiSEQL9aQCg/DF+dzS6QV+dLFvVV6HTNTF3xvgAoOaZ
GSkggGhyqVBA6fFIRTnn+4bu
=FFSm
-----END PGP SIGNATURE-----
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8DDx1E25658 for ietf-pkix-bks; Thu, 13 Sep 2001 06:59:01 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DDwwD25648 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 06:58:59 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id QAA14696; Thu, 13 Sep 2001 16:01:05 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id PAA14626; Thu, 13 Sep 2001 15:58:23 +0200
Message-ID: <3BA0BB63.5EF01268@bull.net>
Date: Thu, 13 Sep 2001 15:57:55 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: agregorio@acm.org
CC: ietf-pkix@imc.org
Subject: Re: Comments on RFC3161
References: <20010913143102.B15814@server.speedcom.it>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Alfonso,
> Hi Everyone,
>
> In my opinion, in a future rfc3161 update, the following parts should
> be corrected .
Since RFC 3161 has just been issued in August 2001, it will not be re-issued
shortly.
> Comment A
> There is an inconsistency between these statements present in section 1:
> - "It also establishes several security-relevant requirements for TSA
> operation, with regards to processing requests to generate responses"
> - "This standard does not establish overall security requirements for
> TSA operation, just like other PKIX standards do not establish such
> requirements for CA operation"
This is not inconsistent: "several security-relevant requirements" is
different from "overall security requirements".
> Comment B
> There should be no ambiguity (neither minor) in the scope of TSP.
>
> In my opinion, it's preferable to say that "The TSA is a TTP that
> creates time-stamp tokens in order to indicate that a datum existed
> _at_ a particular point in time", according to section 2.
> And should be avoided to say that "A time-stamping service supports
> assertions of proof that a datum existed _before_ a particular time",
> as stated several times in section 1.
No. This point has been discussed on the pkix mailing list and the current
text reflects the concensus reached.
> It's part of the verification phase to understand if a token is subsequent
> or antecedent to another one.
> Comment C
> The part of section 2.4.2:
>
> rfc3161> In such a case, the ordering of time-stamp tokens issued by
> rfc3161> the same TSA or different TSAs is only possible when the
> rfc3161> difference between the genTime of the first time-stamp token
> rfc3161> and the genTime of the second time-stamp token is greater than
> rfc3161> the sum of the accuracies of the genTime for each time-stamp token.
>
> should be replaced with:
> In such a case, the ordering of time-stamp tokens issued by
> the same TSA or different TSAs is only possible when the absolute value
> difference between the genTime of the first time-stamp token
> and the genTime of the second time-stamp token is greater than
> the sum of the accuracies of the genTime for each time-stamp token.
It is implicit that such comparisons are made between TSA servers that are
trusted and compliant with the requirements. So adding the word "absolute"
is not necessary in that context.
> In fact, when a TSA clock drift outside the declared accuracy
Hence the TSA becomes non-conformant.
Denis
> it's
> possible to observe time-stamp tokens that have inconsistent genTime
> associated with them (eg. the genTime value of a _first_ time-stamp
> token is grater either than the genTime value of a second token, or
> the sum of the accuracies of the two tokens); please refer to my
> previous message for an example.
>
> Thanks,
> alfonso
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8DD5xf23284 for ietf-pkix-bks; Thu, 13 Sep 2001 06:05:59 -0700 (PDT)
Received: from zolera.com (IDENT:root@[63.142.188.177]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DD5wD23280 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 06:05:58 -0700 (PDT)
Received: from zolera.com (os390.zolera.com [10.0.1.9]) by zolera.com (8.11.0/8.11.0) with ESMTP id f8DD6Ga12248; Thu, 13 Sep 2001 09:06:16 -0400
Message-ID: <3BA0AF48.44D8A2F7@zolera.com>
Date: Thu, 13 Sep 2001 09:06:16 -0400
From: Rich Salz <rsalz@zolera.com>
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3-12 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Denis Pinkas <Denis.Pinkas@bull.net>
CC: pkix <ietf-pkix@imc.org>, Mike Myers <myers@coastside.net>
Subject: Re: Clarification request on RFC 2560
References: <3BA0885A.EC5A3AB4@bull.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
It's the signer's cert chain. (Well, not *the* but you get the point.)
--
Zolera Systems, Your Key to Online Integrity
Securing Web services: XML, SOAP, Dig-sig, Encryption
http://www.zolera.com
Received: by above.proper.com (8.11.6/8.11.3) id f8DCuP722134 for ietf-pkix-bks; Thu, 13 Sep 2001 05:56:25 -0700 (PDT)
Received: from server.speedcom.it (server.speedcom.it [195.32.69.66]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DCuND22124 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 05:56:23 -0700 (PDT)
Received: (from adg@localhost) by server.speedcom.it (0.0.0/0.0.0) id OAA15987 for ietf-pkix@imc.org; Thu, 13 Sep 2001 14:56:22 +0200
Date: Thu, 13 Sep 2001 14:56:21 +0200
From: Alfonso De Gregorio <agregorio@acm.org>
To: ietf-pkix@imc.org
Subject: Comments on rfc3029
Message-ID: <20010913145621.A15976@server.speedcom.it>
Reply-To: agregorio@acm.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
User-Agent: mymua
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Hi Everyone,
there are very minor typo errors in rfc3029 (DVCSP),
if they have not been already cought.
In section 9.1 "ccpd" acronym has been mistaken for vpcd.
Similarly, the are several occurences of "vpkc" mistaken
for "cpkc" (eg. in 7.5, 7.6, 8, 9.1).
In 7.2 there is an extra 'a'.
Thank you for your work,
alfonso
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8DCYBF21495 for ietf-pkix-bks; Thu, 13 Sep 2001 05:34:11 -0700 (PDT)
Received: from server.speedcom.it (server.speedcom.it [195.32.69.66]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DCY9D21491 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 05:34:10 -0700 (PDT)
Received: (from adg@localhost) by server.speedcom.it (0.0.0/0.0.0) id OAA15888 for ietf-pkix@imc.org; Thu, 13 Sep 2001 14:34:09 +0200
Date: Thu, 13 Sep 2001 14:34:09 +0200
From: Alfonso De Gregorio <agregorio@acm.org>
To: ietf-pkix@imc.org
Subject: multiple time-stamp tokens and untrusting certain users
Message-ID: <20010913143409.D15814@server.speedcom.it>
Reply-To: agregorio@acm.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
User-Agent: mymua
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Hi Everyone,
what about to add to a future update of rfc3161 examples of how
a TSA users can produce multiple time-stamp tokens of the same
message imprint?
Similarly with what described in draft-ietf-smime-esformats-04.txt,
time-stamp request can be (obviously) requested in independent
way from multiple TSAs. Additionally, it would be nice to have
an example of a chained time-stamp request/responses.
h = hash(doc);
TSA1TimeStampReq.messageImprint = h;
h2 = hash(TSA1ResponseToken);
TSA2TimeStampReq.messageImprint = h2;
TSA2ResponseToken.TSTInfo.messageImprint = h2;
...
TSAnResponseToken.TSTInfo.messageImprint = hn;
- Untrusting the relation between a specific user (eg. TSA developer,
administrator, owner) and a TSA.
This expedient can be helpful while proving the absence of collusion
between a user and a particular TSAs. Assuming that the same user
cannot collude with and arbitrary long series on TSAs.
A user in fact, can collude with a TSA to let a false genTime be applied
to the time-stamp request. This mechanism prevents the generation
of successive or antecedents time-stamps for selected users.
(in my opinion, in future documents should be addressed also the issues
regarding certain potential TTP users and the associated TTPs -
Did you can trust a notary that claims to be the author of a document
and that want give proof of his authorship throw a deed signed
by itself? :-) )
Regards,
alfonso
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8DCW4l21447 for ietf-pkix-bks; Thu, 13 Sep 2001 05:32:04 -0700 (PDT)
Received: from server.speedcom.it (server.speedcom.it [195.32.69.66]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DCW1D21443 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 05:32:02 -0700 (PDT)
Received: (from adg@localhost) by server.speedcom.it (0.0.0/0.0.0) id OAA15877 for ietf-pkix@imc.org; Thu, 13 Sep 2001 14:32:01 +0200
Date: Thu, 13 Sep 2001 14:32:01 +0200
From: Alfonso De Gregorio <agregorio@acm.org>
To: ietf-pkix@imc.org
Subject: Notary systems requirements
Message-ID: <20010913143201.C15814@server.speedcom.it>
Reply-To: agregorio@acm.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
User-Agent: mymua
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Hi Everyone,
what about to start to working on a document that collects requirements
for notary systems based also on TSAs?
In my opinion, the current TSP don't allows always the use of a
time-stamp token as a proof-of-authorship, because the security
analysis of the protocol don't address the possibility of a
deliberate replay attack by a middleman replaying legitimate TS
_requests_; the point 6 of section 4 of rfc3161 puts replayed requests
to TSAs down to problems in the intervening network elements.
An additional middleman attack scenario:
- Alice writes a poem and wants publish it on her own public homepage;
- however, Alice is afraid that, upon the publication, Eve read the poem
and re-publish it with her (Eve) name.
- Eve, knowing Alice's interest and talent, start to eavesdrop Alice's
network;
Note: the attack scenario is possible either because the channel between
Alice and the TSA does not give necessarily confidentiality, or
because the are no requirement yet on how Alice must construct the
message imprint being time-stamped while she wants
proof-of-authorship on corresponding documents (eg. public available
documents).
The (simple) attack
- Alice computes the hash of her poem with the preferred hash algorithm
and sends a TimeStampReq to TSA1 (TSA1Req) where TSA1Req.messageImprint
is the computed hash value;
- Eve intercept Alice's request an makes a copy of it, TSA1ReqCopy;
Eve rip the associated messageImprint and computes another
TimeStampReq with the same hash for TSA2 (TSA2Req);
Eve send TSA1ReqCopy to TSA1 and TSA2Req to TSA2;
these are request of certification of claimed possession of data;
- Alice is still waiting the time-stamp token; but as we know TSP gives
no warrants about response time (eg. the tsa can use also smtp...)
- Eve collects the two responses associated with TSA1ReqCopy and TSA2Req
(TSA1Resp1, TSA2Resp) and keep them secret;
- than Eve sends TSA1Req to TSA1;
- TSA1 receive TSA1Req and process it; this is a replayed request, however
the time-stamping authority perform only basic checks on the imprint
being time-stamped, as REQUESTED in points 7 and 8 of section 2.1:
7. to examine the OID of the one-way collision resistant hash-
function and to verify that the hash value length is consistent
with the hash algorithm.
8. not to examine the imprint being time-stamped in any way (other
than to check its length, as specified in the previous bullet).
- Eve receive the time-stamp token produced by TSA1 (TSA1Resp2) and check
if the absolute value of the difference between the genTime of the first
time-stamp token (TSA1Resp1) and the genTime of the second time-stamp
token (TSA1Resp2) is greater than the sum of the accuracies of the
genTime for each time-stamp token;
- if the condition is true Eve routes TSA1Resp2 to Alice;
this is a well-formed and consistent response, but the genTime associated
with reports a time successive with the one indicated in TSA1Resp1;
- now Eve can make a brute-force attack on the imprint or try to break
on the Alice's computer, but she prefer to wait the publication of
the poem on the Alice's personal public homepage :-)
- Eve claim to be the real author of the Alice's poem;
- Eve and Alice show their own time-stamp token in a trial;
- Eve wins.
To avoid this attack, Alice must be required to hash the sign the
document she wants to time-stamp; compute the hash over the signature
of the signed data and set the messageImprint field of time-stamp
request to the computed value (similarly to what is required in
Appendix A, for the proof sign creation before corresponding certificate
revocation).
Regards,
alfonso
Received: by above.proper.com (8.11.6/8.11.3) id f8DCV5i21424 for ietf-pkix-bks; Thu, 13 Sep 2001 05:31:05 -0700 (PDT)
Received: from server.speedcom.it (server.speedcom.it [195.32.69.66]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DCV3D21420 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 05:31:03 -0700 (PDT)
Received: (from adg@localhost) by server.speedcom.it (0.0.0/0.0.0) id OAA15866 for ietf-pkix@imc.org; Thu, 13 Sep 2001 14:31:02 +0200
Date: Thu, 13 Sep 2001 14:31:02 +0200
From: Alfonso De Gregorio <agregorio@acm.org>
To: ietf-pkix@imc.org
Subject: Comments on RFC3161
Message-ID: <20010913143102.B15814@server.speedcom.it>
Reply-To: agregorio@acm.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
User-Agent: mymua
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Hi Everyone,
In my opinion, in a future rfc3161 update, the following parts should
be corrected .
Comment A
There is an inconsistency between these statements present in section 1:
- "It also establishes several security-relevant requirements for TSA
operation, with regards to processing requests to generate responses"
- "This standard does not establish overall security requirements for
TSA operation, just like other PKIX standards do not establish such
requirements for CA operation"
Comment B
There should be no ambiguity (neither minor) in the scope of TSP.
In my opinion, it's preferable to say that "The TSA is a TTP that
creates time-stamp tokens in order to indicate that a datum existed
_at_ a particular point in time", according to section 2.
And should be avoided to say that "A time-stamping service supports
assertions of proof that a datum existed _before_ a particular time",
as stated several times in section 1.
It's part of the verification phase to understand if a token is subsequent
or antecedent to another one.
Comment C
The part of section 2.4.2:
rfc3161> In such a case, the ordering of time-stamp tokens issued by
rfc3161> the same TSA or different TSAs is only possible when the
rfc3161> difference between the genTime of the first time-stamp token
rfc3161> and the genTime of the second time-stamp token is greater than
rfc3161> the sum of the accuracies of the genTime for each time-stamp token.
should be replaced with:
In such a case, the ordering of time-stamp tokens issued by
the same TSA or different TSAs is only possible when the absolute value
difference between the genTime of the first time-stamp token
and the genTime of the second time-stamp token is greater than
the sum of the accuracies of the genTime for each time-stamp token.
In fact, when a TSA clock drift outside the declared accuracy it's
possible to observe time-stamp tokens that have inconsistent genTime
associated with them (eg. the genTime value of a _first_ time-stamp
token is grater either than the genTime value of a second token, or
the sum of the accuracies of the two tokens); please refer to my
previous message for an example.
Thanks,
alfonso
Received: by above.proper.com (8.11.6/8.11.3) id f8DCUFb21398 for ietf-pkix-bks; Thu, 13 Sep 2001 05:30:15 -0700 (PDT)
Received: from server.speedcom.it (server.speedcom.it [195.32.69.66]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DCUDD21394 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 05:30:13 -0700 (PDT)
Received: (from adg@localhost) by server.speedcom.it (0.0.0/0.0.0) id OAA15833 for ietf-pkix@imc.org; Thu, 13 Sep 2001 14:30:02 +0200
Date: Thu, 13 Sep 2001 14:30:01 +0200
From: Alfonso De Gregorio <agregorio@acm.org>
To: ietf-pkix@imc.org
Subject: Untrusting a Trusted Third Party: TSA.
Message-ID: <20010913143001.A15814@server.speedcom.it>
Reply-To: agregorio@acm.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
User-Agent: mymua
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Hi Everyone,
The following consideration is quite obvious; however, it's intriguing
to see how the TSP allows a user to perform a simple test against a
TSA that he doesn't trust anymore.
Assume a user is afraid that a TSA is issuing time-stamp tokens while
not in synchronization with UTC; after all if a TSA use a trustworthy
source of time and include a trustworthy time value for each time-stamp
token is not necessarily ensuring that the clock doesn't drift outside
the declared accuracy (this is addressed in ETSI - STF 178-T1 draft H).
The test
The ordering of time-stamp tokens issued by different TSAs is only
possible when the _absolute value_ (*) of the difference between the
genTime of the first time-stamp token and the genTime of the second
time-stamp token is greater than the sum of the accuracies of the
genTime for each time-stamp token.
*) partially contrarywise to what is asserted in section 2.4.2 of rfc3161.
TSA-1: the tsa not trusted anymore by alice
TSA-2..TSA-3: tsa still trusted by alice
1. Alice send a TimeStampReq to TSA-1 (TSA1Req) where
TimeStampReq.messageImprint is simply an hash of a document kept
secret (Alice_doc);
2. Upon receiving the response (TSA1Response), Alice hash the received
time-stamp token ( hash(TSA1Response) ) and send as quickly as possible
a time-stamp request to TSA2 (TSA2Req), where
TimeStampReq.messageImprint is hash(TSA1Response);
3. if the absolute value of the difference of the first time-stamp token
and the genTime of the second time-stamp token ( abs(x) ) is greater
than the sum of the accuracies of the genTime for each time-stamp
token, Alice can order the two tokens; but for a positive value of
the difference we have a consistent chain of time-stamp
request/response, and for a negative a contradictory result.
x = TSA2Response.genTime - TSA1Response.genTime;
while abs( x ) > (TSA2Response.accuracy + TSA1Response.accuracy)
if x > 0 --> TSA2Resoponse follows TSA1Response
if x < 0 --> TSA2Response is _antecedents_ to TSA1Response
Alice can prove the opposite showing the chained sequence of time-stamp
requests:
a. Alice_doc
b. TSA1Response.TSTInfo.messageImprint = hash(Alice_doc)
c. TSA2Response.TSTInfo.messageImprint(hash(TSA1Response))
Sincerely,
alfonso
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8DAKkd14699 for ietf-pkix-bks; Thu, 13 Sep 2001 03:20:46 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8DAKjD14690 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 03:20:45 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id MAA16974; Thu, 13 Sep 2001 12:22:50 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id MAA14686; Thu, 13 Sep 2001 12:20:08 +0200
Message-ID: <3BA0885A.EC5A3AB4@bull.net>
Date: Thu, 13 Sep 2001 12:20:10 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: pkix <ietf-pkix@imc.org>
CC: Mike Myers <myers@coastside.net>
Subject: Clarification request on RFC 2560
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
In RFC 2560 section 4.2.1 (OCSP Response), we have
BasicOCSPResponse ::= SEQUENCE {
tbsResponseData ResponseData,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
Usually every ASN1 field is explained, but in that document the certs field
is not explained.
Should that optional field be interpreted to carry a sequence of possibly
useful certificates ?
Denis
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8D8VO606162 for ietf-pkix-bks; Thu, 13 Sep 2001 01:31:24 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8D8VKD06147 for <ietf-pkix@imc.org>; Thu, 13 Sep 2001 01:31:22 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id KAA15632; Thu, 13 Sep 2001 10:33:22 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id KAA10768; Thu, 13 Sep 2001 10:30:36 +0200
Message-ID: <3BA06EAE.567922A1@bull.net>
Date: Thu, 13 Sep 2001 10:30:38 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: Michael Myers <myers@coastside.net>
CC: IETF-PKIX <ietf-pkix@imc.org>
Subject: Re: Removing expired certificates from CRLs.....
References: <EOEGJNFMMIBDKGFONJJDMEONCEAA.myers@coastside.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Michael,
> Denis,
>
> What are your thoughts on the timeliness characteristic between OCSP and
> CRLs?
Well ...
I must admit that the definition of the archive cutofff (section 4.4.4) from
RFC 2560 has always been very strange for me, since it defines a time
interval rather then an absolute time. I read several times the text and
could not figure out how in practice it would be used.
The text talks about a retention interval without saying explictly to which
event it is relative to.
Is it the time interval beyond the notAfter date from a certificate ?
The text does not say so.
In addition, the text is talking, as an example, of a retention interval of
7 years (!) whereas in the context of that thread we are only talking of
about a month.
If I had to define from scratch the extension I would simply define an
absolute date (e.g. called ExtendedRevocationInformationDate, quite a
long name, but explicit) that could directly override the notAfter field
from the Validity field of a certificate. This would mean that this
extension allows to know until when the revocation information is
maintained. It is not directly related to the produceAt time. The only
condition is that, when it is present, it is always later than produceAt.
This is a problem because, if I understand correctly RC 2560, we have the
following equation:
ArchiveCutoff = producedAt - retention interval.
I do not see a clear relationship between these two concepts.
Unless you see one, it would mean that an extension different from
ArchiveCutoff would be necessary for OCSP responses so that we can have
identical concepts for CRLs and OCSP responses.
Thanks for raising the question.
Denis
> Mike
>
> Michael Myers
> t: +415.819.1362
> e: mailto:mike@traceroutesecurity.com
> w: http://www.traceroutesecurity.com
>
> > -----Original Message-----
> > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> > Sent: Wednesday, September 12, 2001 12:35 AM
> > To: Michael Myers
> > Cc: IETF-PKIX
> > Subject: Re: Removing expired certificates from CRLs.....
> >
> >
> >
> > > All,
> > >
> > > I think a unique extension creates the least impact.
> > >
> > > More broadly though, what's really bothering me is my sense that we're
> > > backing into the notion of a 1-1 between CRLs and online status
> > mechanisms.
> > >
> > > Assume an environment that both publishes CRLs and offers OCSP-based
> > > services against the same set of certificates. What if:
> > >
> > > a) The CA receives a revocation request at T1;
> > >
> > > b) A database state variable is flipped at T1+N;
> > >
> > > c) An OCSP request is received at T1+N+M;
> > >
> > > d) An OCSP response is transmitted at T1+N+M+K;
> > >
> > > e) Yet the next CRL cycle won't run (i.e. the cron
> > > job won't fire) until T1+X where X >> (N+M+K).
> > >
> > > Thus relying parties are enabled to pick and choose between CRLs or OCSP
> > > depending on how it might benefit their argument for remedy
> > under digital
> > > signature laws.
> > >
> > > Thoughts, anyone?
> >
> > Some validation policies, like Signature policies are able to say whether
> > CRLs or OCSP responses shall be used.
> >
> > As an example see: draft-ietf-smime-espolicies-01.txt
> >
> > EnuRevReq ::= ENUMERATED {
> > clrCheck (0),
> > --Checks must be made against current CRLs
> > -- (or authority revocation lists (ARL))
> > ocspCheck (1), -- The revocation status must be checked
> > -- using the Online Certificate Status Protocol
> > -- (OCSP),RFC 2450.
> > bothCheck (2),
> > -- Both CRL and OCSP checks must be carried out
> > eitherCheck (3),
> > -- At least one of CRL or OCSP checks must be
> > -- carried out
> > noCheck (4),
> > -- no check is mandated
> > other (5)
> > -- Other mechanism as defined by signature policy
> > -- extension
> > }
> >
> > If either CRL (i.e.clrCheck) or OCSP (i.e. ocspCheck) is mandated, then
> > there is no conflict between the two mechanisms.
> >
> > Denis
> >
> >
> > > Mike
> > >
> > > Michael Myers
> > > t: +415.819.1362
> > > e: mailto:mike@traceroutesecurity.com
> > > w: http://www.traceroutesecurity.com g
> >
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8D0Nm608350 for ietf-pkix-bks; Wed, 12 Sep 2001 17:23:48 -0700 (PDT)
Received: from femail26.sdc1.sfba.home.com ([24.254.60.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8D0NlD08346 for <ietf-pkix@imc.org>; Wed, 12 Sep 2001 17:23:47 -0700 (PDT)
Received: from revelation ([65.4.166.11]) by femail26.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP id <20010913002345.YVRF12095.femail26.sdc1.sfba.home.com@revelation>; Wed, 12 Sep 2001 17:23:45 -0700
Reply-To: <jimsch@exmsft.com>
From: "Jim Schaad" <jimsch@nwlink.com>
To: "'Avi Gozlan'" <avi@checkpoint.com>, <ietf-pkix@imc.org>
Subject: RE: CMC issue - CA identification
Date: Wed, 12 Sep 2001 17:23:40 -0700
Message-ID: <000401c13bea$57328800$0c00a8c0@soaringhawk.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2526.0000
In-Reply-To: <002001c13a93$f57ba850$148d96d4@checkpoint.com>
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Avi,
Based on the discussion below, I am going to assume that the reason you
want to give the CA the ablitiy to prove it's identity is so that it can
successfully distribute a "Trust Anchor". Are you suggesting that this
occur before the client sends a certificate request to the CA or that it
be part of the response?
Also how do you think that the identify proof would need to be changed
so that an RA rather than a CA could prove it's identity?
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Avi Gozlan
> Sent: Tuesday, September 11, 2001 12:33 AM
> To: ietf-pkix@imc.org
> Subject: CMC issue - CA identification
>
>
>
> Hello,
>
> CMC supplies the identityProof mechanism, by which a CA can
> immidiately and
> automatically identify a CMC client. However, there are no
> means by which
> the CA identifies itself to the CMC client. According to
> section 4.4 of RFC
> 2797, clients must explicitly approve trust of the included
> self-signed
> certificate.
>
> In the cases where the identityProof machanism is used the
> end entity and
> the CA share a secret. The secret can be used to authenticate
> the reply as
> well as the request.
>
> Following is a proposal that utilizes this mechanism in the reply.
>
> This way of authentication has some advantages:
> - Same strength of authentication on the client side as on the CA side
> - More secure - users are not always familiar with approving
> a CA or its
> fingerprint
> - Easier to use, no user intervention is required for CA
> identification
>
> Is it possible that such an automatic identification proof
> will be added to
> CMC (or descendant)?
>
> Here is the proposal:
>
> 1. The buffer of the self-signed certificate in the
> "certificate" portion of
> the signedData is the value to be validated
> 2. A SHA1 hash of the token is computed.
> 3. An HMAC-SHA1 value is then computed over the value
> produced in Step 1,
> using the hash of the token from Step 2 as the shared secret value
> 4. The 160-bit-HMAC-SHA1 result from Step 3 is then encoded
> as the value of
> the identityProof attribute.
>
> When the client verifies the identityProof attribute, it extracts the
> self-signed certificate from the chain included in the
> "certificate" portion
> of the signedData. It then computes the HMAC-SHA1 value in
> the same way and
> compares it to the identityProof attribute contained in the enrollment
> request.
>
> Thanks,
>
> Avi Gozlan
> PKI team
> Check Point Software Technologies LTD.
>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8CMu5o06800 for ietf-pkix-bks; Wed, 12 Sep 2001 15:56:05 -0700 (PDT)
Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8CMu3D06796 for <ietf-pkix@imc.org>; Wed, 12 Sep 2001 15:56:03 -0700 (PDT)
Received: from INET-PRV-MTA by prv-mail20.provo.novell.com with Novell_GroupWise; Wed, 12 Sep 2001 16:55:48 -0600
Message-Id: <sb9f9394.016@prv-mail20.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 6.0
Date: Wed, 12 Sep 2001 16:57:58 -0600
From: "Bob Jueneman" <bjueneman@novell.com>
To: <hal.lockhart@entegrity.com>
Cc: <ietf-pkix@imc.org>
Subject: RE: XACML OID tag?
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="=_CF9566E4.A8C9B4FB"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This is a MIME message. If you are reading this text, you may want to
consider changing to a mail reader or gateway that understands how to
properly handle MIME multipart messages.
--=_CF9566E4.A8C9B4FB
Content-Type: text/plain; charset=ISO-8859-7
Content-Transfer-Encoding: quoted-printable
>Perhaps you are simply looking for an OID to put arbitrary XML in a cert, =
so=20
this response will be overkill, but I believe your message implies a lack =
of=20
understanding of the XML security work currently going on at OASIS (SAML =
and=20
XACML)=20
>XACML is defining the means to express Access Control Policies. I =
don't=20
really see what the semantics of an access control policy in the middle of =
a=20
cert would be.=20
=20
>Perhaps you are thinking of SAML. SAML has Attribute Assertions which =
are=20
almost like Attribute Certs. Also it has Authentication Assertions =
which=20
seem mostly useful in non-PKI environment. Finally there are Authorization=
=20
Decision Assertions, which are likely to be quite specific to a resource =
and=20
short lived. Again it is not clear what putting one in a cert would =
signify=20
exactly.=20
=20
I very well may be confused =AF it certainly wouldn't be the first time!
=20
The last time I looked at SAML, it had "entitlements", but they were an =
unspecified bag of bits, and I was under the impression that the intent =
was for those entitlements to eventually be expressed in XACML. Since =
XACML hasn't published anything yet, at least to my understanding, I =
done';t know what it would contain. But if you are correct, and XACML is a =
way of expressing an access control POLICY, rather than granting a =
particular user some particular right or capability, then you are right =
=AF including XACML in a certificate wouldn't make much sense. So perhaps =
I need to include the SAML Attribute Assertions instead.
=20
In any case, I'm not quite ready to buy into the necessity of recoding all =
of the infrastructure in XML =AF it just seems like too big a task to bite =
off right now, with less than a solid business case justification (hype =
doesn't count).
=20
So what I was hoping to do was to come half way to the mountain, and play =
around with some XML to learn more about the possible problems =AF get my =
feet wet, so to speak.
=20
Since we have existing support for X.509-based authentication to eDirectory=
and other applications, putting some XML attributes in the certificate =
would take advantage of that infrastructure, while using XML for the =
attribute assertion would presumably provide a mechanism for supporting =
extranet authentication, assuming the parties agree as to both the name of =
the attribute (easy), and the precise semantics (much harder, generally).
>Of course all can be signed using XMLdsig and thus be consumers of =
PKIX=20
mechanisms. But I am unclear what sort of a use case you have in mind.=20
=20
I don't really want to have to implement XMLdsig at this point in time, as =
I don't see what advantages it provides over existing IETF-standardized =
signature mechanisms. If I can simply drop the attribute assertions into =
an X.509 certificate issued by the organization that is attesting to the =
attributes (and the user's identity, for what that's worth), then I don't =
have to do anything extra. XMLdsig seems like politically correct =
overkill, and I can't afford that.
>If you believe X.509 Attribute Certs are broken (as opposed to unused) =
I=20
would like to hear why, since SAML Attribute Assertions are very similar. =
On=20
the other hand, SAML has a lot of other machinery, so perhaps we have=20
already addressed your concerns.=20
=20
I do believe that X.509 attribute certificates are broken, as well as =
unused. The last time we went through some of those issues on the PKIX =
list, it became apparent that controlling the delegation of attributes =
through a chain of attribute certs was even more difficult than controlling=
identity assertions via policy constraints, name subordination, etc. As =
a result, the only uses that I have heard be suggested for attribute certs =
used only a one-level deep model, so that selecting the root validates all =
of the certificates under that root. To me, that doesn't seem to scale =
very well.
=20
This same issue of the control of delegation concerns me even more in =
SAML, because in at least some of the use cases, every enterprise =
effectively becomes their own identity and attribute authority. Given the =
experience we have so far with X.509 certificates, there isn't much =
evidence to suggest that most enterprises will do a very good job of this. =
Even some of the best public CAs have trouble with this, as witness the =
bogus Microsoft code signing certificate.
=20
To my way of thinking, it is extremely important that every entity in the =
delegation chain be able to control delegation of any particular attribute,=
both up and down the chain. The top level root and some subordinate CA =
may decide that they don't want to delegate some particular authority to a =
sub-CA, and in that case it shouldn't matter what that sub-CA claims =AF =
the relying party should be able to tell quickly and easily that that =
right wasn't granted. On the other hand, the relying party may decide =
that he doesn't want to trust some higher level CA or even some root CA =
with respect to some particular attribute. If Osama ben Laden grants me =
the right to access the CIA's mainframe in a signed XML entitlement, I =
doubt that the CIA will be very impressed.
=20
It seems to me that if the only controls you have in this space is =
certificate chaining, then you are forced into an all or nothing situation.=
You either have to establish a unique root and a unique certificate =
chain for each individual attribute , or you have to lump several =
attributes into an indistinguishable group of capabilities and either =
accept them all or reject them all. both alternatives seem unacceptable.
=20
ON the other hand, a bit-oriented MAC label can solve these problem easily =
=AF you just AND all of the capabilities together, from the top to the =
bottom of the chain, and see what you have when you get through. I'll be =
happy to send you the URL of a document that specifies how all this can be =
done if you are interested. =20
=20
Using XML names rather than bits may make this process a little bit more =
user-friendly, although it also tends to make negation somewhat harder. =
I'm sure that there are other problems, and I'm equally sure that I don't =
understand them all.
=20
In any case, thanks for the education, and I'll go do some more reading.
Bob
--=_CF9566E4.A8C9B4FB
Content-Type: text/html; charset=ISO-8859-7
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-1"=
>
<META content=3D"MSHTML 5.50.4616.200" name=3DGENERATOR></HEAD>
<BODY style=3D"MARGIN-TOP: 2px; FONT: 10pt Tahoma; MARGIN-LEFT: 2px">
<DIV>>Perhaps you are simply looking for an OID to put arbitrary XML in =
a=20
cert, so <BR>this response will be overkill, but I believe your message =
implies=20
a lack of <BR>understanding of the XML security work currently going on at =
OASIS=20
(SAML and <BR>XACML) <BR><BR>>XACML is defining the means to express =
Access=20
Control Policies. I don't <BR>really see what the semantics of an access =
control=20
policy in the middle of a <BR>cert would be. </DIV>
<DIV> </DIV>
<DIV>>Perhaps you are thinking of SAML. SAML has Attribute Assertions =
which=20
are <BR>almost like Attribute Certs. Also it has Authentication Assertions =
which=20
<BR>seem mostly useful in non-PKI environment. Finally there are Authorizat=
ion=20
<BR>Decision Assertions, which are likely to be quite specific to a =
resource and=20
<BR>short lived. Again it is not clear what putting one in a cert would =
signify=20
<BR>exactly. </DIV>
<DIV> </DIV>
<DIV>I very well may be confused — it certainly wouldn't be the =
first=20
time!</DIV>
<DIV> </DIV>
<DIV>The last time I looked at SAML, it had "entitlements", but they were =
an=20
unspecified bag of bits, and I was under the impression that the intent =
was for=20
those entitlements to eventually be expressed in XACML. Since XACML =
hasn't=20
published anything yet, at least to my understanding, I done';t know what =
it=20
would contain. But if you are correct, and XACML is a way of expressing =
an=20
access control POLICY, rather than granting a particular user some =
particular=20
right or capability, then you are right — including XACML in a =
certificate=20
wouldn't make much sense. So perhaps I need to include the SAML =
Attribute=20
Assertions instead.</DIV>
<DIV> </DIV>
<DIV>In any case, I'm not quite ready to buy into the necessity of =
recoding all=20
of the infrastructure in XML — it just seems like too big a task to =
bite off=20
right now, with less than a solid business case justification (hype =
doesn't=20
count).</DIV>
<DIV> </DIV>
<DIV>So what I was hoping to do was to come half way to the mountain, and =
play=20
around with some XML to learn more about the possible problems — get =
my feet=20
wet, so to speak.</DIV>
<DIV> </DIV>
<DIV>Since we have existing support for X.509-based authentication to =
eDirectory=20
and other applications, putting some XML attributes in the certificate =
would=20
take advantage of that infrastructure, while using XML for the attribute=20=
assertion would presumably provide a mechanism for supporting extranet=20
authentication, assuming the parties agree as to both the name of the =
attribute=20
(easy), and the precise semantics (much harder, generally).<BR><BR>>Of =
course=20
all can be signed using XMLdsig and thus be consumers of PKIX <BR>mechanism=
s.=20
But I am unclear what sort of a use case you have in mind. </DIV>
<DIV> </DIV>
<DIV>I don't really want to have to implement XMLdsig at this point in =
time,=20
as I don't see what advantages it provides over existing IETF-standard=
ized=20
signature mechanisms. If I can simply drop the attribute assertions =
into=20
an X.509 certificate issued by the organization that is attesting to =
the=20
attributes (and the user's identity, for what that's worth), then I don't =
have=20
to do anything extra. XMLdsig seems like politically correct =
overkill, and=20
I can't afford that.<BR><BR>>If you believe X.509 Attribute Certs are =
broken=20
(as opposed to unused) I <BR>would like to hear why, since SAML =
Attribute=20
Assertions are very similar. On <BR>the other hand, SAML has a lot of =
other=20
machinery, so perhaps we have <BR>already addressed your concerns. </DIV>
<DIV> </DIV>
<DIV>I do believe that X.509 attribute certificates are broken, as well =
as=20
unused. The last time we went through some of those issues on the =
PKIX=20
list, it became apparent that controlling the delegation of attributes =
through a=20
chain of attribute certs was even more difficult than controlling =
identity=20
assertions via policy constraints, name subordination, etc. As a =
result,=20
the only uses that I have heard be suggested for attribute certs used only =
a=20
one-level deep model, so that selecting the root validates all of the=20
certificates under that root. To me, that doesn't seem to scale =
very=20
well.</DIV>
<DIV> </DIV>
<DIV>This same issue of the control of delegation concerns me even more in =
SAML,=20
because in at least some of the use cases, every enterprise effectively =
becomes=20
their own identity and attribute authority. Given the experience we =
have=20
so far with X.509 certificates, there isn't much evidence to suggest that =
most=20
enterprises will do a very good job of this. Even some of the best =
public=20
CAs have trouble with this, as witness the bogus Microsoft code signing=20
certificate.</DIV>
<DIV> </DIV>
<DIV>To my way of thinking, it is extremely important that every entity in =
the=20
delegation chain be able to control delegation of any particular attribute,=
both=20
up and down the chain. The top level root and some subordinate CA =
may=20
decide that they don't want to delegate some particular authority to a =
sub-CA,=20
and in that case it shouldn't matter what that sub-CA claims — the =
relying party=20
should be able to tell quickly and easily that that right wasn't granted.&n=
bsp;=20
On the other hand, the relying party may decide that he doesn't want to =
trust=20
some higher level CA or even some root CA with respect to some particular=
=20
attribute. If Osama ben Laden grants me the right to access the =
CIA's=20
mainframe in a signed XML entitlement, I doubt that the CIA will be =
very=20
impressed.</DIV>
<DIV> </DIV>
<DIV>It seems to me that if the only controls you have in this space is=20
certificate chaining, then you are forced into an all or nothing=20
situation. You either have to establish a unique root and a =
unique=20
certificate chain for each individual attribute , or you have to lump =
several=20
attributes into an indistinguishable group of capabilities and either =
accept=20
them all or reject them all. both alternatives seem unacceptable.</DI=
V>
<DIV> </DIV>
<DIV>ON the other hand, a bit-oriented MAC label can solve these =
problem=20
easily — you just AND all of the capabilities together, from the top =
to the=20
bottom of the chain, and see what you have when you get through. =
I'll be=20
happy to send you the URL of a document that specifies how all this can be =
done=20
if you are interested. </DIV>
<DIV> </DIV>
<DIV>Using XML names rather than bits may make this process a little bit =
more=20
user-friendly, although it also tends to make negation somewhat harder.&nbs=
p;=20
I'm sure that there are other problems, and I'm equally sure that I =
don't=20
understand them all.</DIV>
<DIV> </DIV>
<DIV>In any case, thanks for the education, and I'll go do some more=20
reading.<BR></DIV>
<DIV>Bob</DIV></BODY></HTML>
--=_CF9566E4.A8C9B4FB--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8CLWhZ05553 for ietf-pkix-bks; Wed, 12 Sep 2001 14:32:43 -0700 (PDT)
Received: from bigbird.gradient.com (bigbird.gradient.com [192.92.110.50]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8CLWgD05549 for <ietf-pkix@imc.org>; Wed, 12 Sep 2001 14:32:42 -0700 (PDT)
Received: by bigbird.gradient.com with Internet Mail Service (5.5.2650.10) id <SALVY870>; Wed, 12 Sep 2001 17:34:48 -0400
Message-ID: <899128A30EEDD1118FC900A0C9C74A3401033C7D@bigbird.gradient.com>
From: Hal Lockhart <hal.lockhart@entegrity.com>
To: "'Bob Jueneman'" <bjueneman@novell.com>, ietf-pkix@imc.org
Cc: "'security-services@lists.oasis-open.org'" <security-services@lists.oasis-open.org>, xacml@lists.oasis-open.org
Subject: RE: XACML OID tag?
Date: Wed, 12 Sep 2001 17:34:48 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.10)
Content-Type: text/plain; charset="ISO-8859-7"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Bob Jueneman wrote:
> This is join to sound like heresy, but has anyone defined an
> OID tag for XACML, so that an XACML string could be included
> in a X.509 certificate?
...
> Toolkits which would provide enterprises to issue their own
> certificates have so far failed to take off to any
> significant degree
...
> One of the reasons, I believe, is that the neither the public
> TTPs nor the toolkit vendors have so far adequately addressed
> the important issue of providing a cross-enterprise Privilege
> Management Infrastructure solution. And now that they are
> feeling a very significant financial pinch, they may not have
> the wherewithal to solve that problem.
Perhaps you are simply looking for an OID to put arbitrary XML in a cert, so
this response will be overkill, but I believe your message implies a lack of
understanding of the XML security work currently going on at OASIS (SAML and
XACML)
XACML is defining the means to express Access Control Policies. I don't
really see what the semantics of an access control policy in the middle of a
cert would be.
Perhaps you are thinking of SAML. SAML has Attribute Assertions which are
almost like Attribute Certs. Also it has Authentication Assertions which
seem mostly useful in non-PKI environment. Finally there are Authorization
Decision Assertions, which are likely to be quite specific to a resource and
short lived. Again it is not clear what putting one in a cert would signify
exactly.
Of course all can be signed using XMLdsig and thus be consumers of PKIX
mechanisms. But I am unclear what sort of a use case you have in mind.
> Maybe it's just the religion of the week (XML) creating an
> evangelistic fervor, but that's where the buzz seems to be
> these days. And I'd rather drop some XACML into an X.509
> certificate and make use of the existing tools, rather than
> create everything from scratch. And yes, if X.509 attribute
> certificates had been better thought out and/or more widely
> implemented, maybe this wouldn't be necessary. And if pigs
> could whistle and cows could fly, then the world would be a
> much different place.
If you believe X.509 Attribute Certs are broken (as opposed to unused) I
would like to hear why, since SAML Attribute Assertions are very similar. On
the other hand, SAML has a lot of other machinery, so perhaps we have
already addressed your concerns.
I understand the buzz concern, but there is actually very little overlap
between the functional capabilities of PKIX and the OASIS security work.
> Anyway, does anyone have such an OID and a suggested way to
> use it? If not, I guess I'll explore rolling my own, unless
> someone else wants to join in the fun.
Before you design something, I suggest you propose a usecase or some
requirements or something.
Regards,
Hal
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8CISND02322 for ietf-pkix-bks; Wed, 12 Sep 2001 11:28:23 -0700 (PDT)
Received: from phnxpop4.phnx.uswest.net (phnxpop4.phnx.uswest.net [206.80.192.4]) by above.proper.com (8.11.6/8.11.3) with SMTP id f8CISMD02318 for <ietf-pkix@imc.org>; Wed, 12 Sep 2001 11:28:22 -0700 (PDT)
Received: (qmail 37203 invoked by alias); 12 Sep 2001 18:28:14 -0000
Delivered-To: fixup-ietf-pkix@imc.org@fixme
Received: (qmail 37014 invoked by uid 0); 12 Sep 2001 18:28:12 -0000
Received: from aadialup236.phnx.uswest.net (HELO ?192.168.0.2?) (209.181.133.236) by phnxpop4.phnx.uswest.net with SMTP; 12 Sep 2001 18:28:12 -0000
Mime-Version: 1.0
X-Sender: hoytkesterson@mail.earthlink.net
Message-Id: <a05100304b7c3e148a8ba@[192.168.0.2]>
In-Reply-To: <OF2622E57E.12FEB1E6-ON85256AC4.0049CD8B@pok.ibm.com>
References: <OF2622E57E.12FEB1E6-ON85256AC4.0049CD8B@pok.ibm.com>
Date: Wed, 12 Sep 2001 11:28:04 -0700
To: "Tom Gindin" <tgindin@us.ibm.com>, Sharon Boeyen <sharon.boeyen@entrust.com>
From: "Hoyt L. Kesterson II" <hoytkesterson@earthlink.net>
Subject: private on RE: Removing expired certificates from CRLs.....
Cc: IETF-PKIX <ietf-pkix@imc.org>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
tom, sharon and i just talked about this. i agree that x.509 could
use some more clarification in this area, in particular, giving
guidance when a new extension would be recommended. we have put this
on the list of discussion topics at the flagstaff meeting the week of
24 march.
we would probably address it as a defect report and draft text for
pkix to review.
hoyt
At 9:32 AM -0400 9/11/01, Tom Gindin wrote:
> While the rules for extensibility do indeed permit the addition of
>individual fields without reference to criticality, I am not sure that they
>should do so. This particular case is an extreme one because the component
>which would have been added to the definition is not really critical
>itself. Do we need to add guidance to the standard that components should
>not be added to critical extensions without changing the OID unless the new
>component's meaning is critical to the meaning of the extension whenever it
>is present?
>
> Tom Gindin
>
>
>Sharon Boeyen <sharon.boeyen@entrust.com> on 09/10/2001 01:44:56 PM
>
>To: Tom Gindin/Watson/IBM@IBMUS
>cc: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, IETF-PKIX
> <ietf-pkix@imc.org>
>Subject: RE: Removing expired certificates from CRLs.....
>
>
>Regardless of criticality, the rules for extensibility allow additional
>components
>to be added to existing extensions without changing the OIDs. However, I
>hadn't
>considered the criticality issue and in fact the IDP extension can only be
>set to
>critical, so that probably makes it not the most desirable place to add
>this. A new
>extension is probably a better way to go. Thanks for bringing up the
>criticality issue.
>
>
>Sharon
>
>
>> -----Original Message-----
>> From: Tom Gindin [mailto:tgindin@us.ibm.com]
>> Sent: Monday, September 10, 2001 12:25 PM
>> To: Sharon Boeyen
>> Cc: 'Denis Pinkas'; IETF-PKIX
>> Subject: RE: Removing expired certificates from CRLs.....
>>
>>
>>
>>
>> Sharon:
>>
>> Like Denis, I'm in favor of a separate extension,
>> especially since I
>> think that excluding revocations of encryption certificates
>> from retention
>> is a good idea. Using the IDP makes it very advisable that
>> the syntax be
>> trimmed. Also, since the IDP is recommended to be critical
>> by both X.509
>> and PKIX, wouldn't we have to reassign its OID if we're
>> adding fields to
>> the syntax, even in a way that is backwards compatible? If
>> so, that would
>> more than neutralize any advantage to be gained by reusing a
>> well-known
>> extension.
>>
>> Tom Gindin
>>
>>
>> Sharon Boeyen <sharon.boeyen@entrust.com>@mail.imc.org on 09/10/2001
>> 11:02:03 AM
>>
>> Sent by: owner-ietf-pkix@mail.imc.org
>>
>>
>> To: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, Sharon Boeyen
>> <sharon.boeyen@entrust.com>
>> cc: IETF-PKIX <ietf-pkix@imc.org>
>> Subject: RE: Removing expired certificates from CRLs.....
>>
>>
>> Denis, I'm not necessarily recommending one approach over the
>> other, just
>> raising the
>> options for discussion. However, I do want to note that IDP can, but
>> obviously need not, be included in a "single big" CRL just as
>> it can be in
>> a CRL DP. The only current component that would be likely be
>> present in
>> such a CRL would be the name if the IDP.
>>
>>
>> Cheers,
>> Sharon
>>
>>
>> > -----Original Message-----
>> > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
>> > Sent: Monday, September 10, 2001 10:19 AM
>> > To: Sharon Boeyen
>> > Cc: IETF-PKIX
>> > Subject: Re: Removing expired certificates from CRLs.....
>> >
>> >
>> > Sharon,
>> >
>> > > Tim, I like this proposal because of its simplicity and
>> > given all the
>> > > other variable ways we have to set up CRLs, I suspect this,
>> > combined with
>> > > them, gives more than enough flexibility. Does this need
>> to be a new
>> > > extension on its own? It could be, or it could be added as
> > > an additional
>> > > parameter to the IDP extension. That might be even simpler
> > > - thoughts?
>> >
>> > As implictly said in my e-mail from this morning, I am in
>> favour of an
>> > independant extension, so that we do not mandate the use of
>> > IDP to have that
>> > additional feature. In other words, if the extension were
>> > part of IDP, a
>> > single big CRL could not benefit of that advantage.
>> >
>> > Denis
>> >
>> > > As for the different groups, if there is going to be a new
>> > extension of
>> > > this sort, I'd like it to be added to 509 and profiled by PKIX, if
>> > > possible. If the PKIX groups reaches consensus on what they
>> > want quickly
>> > > enough, that input can be submitted on behalf of PKIX to
>> > the 509 meeting
>> > > later this month. The timing is very good this time.
>> > >
>> > > Cheers,
>> > > Sharon
>> > >
>> > > > -----Original Message-----
>> > > > From: Tim Polk [mailto:tim.polk@nist.gov]
>> > > > Sent: Friday, September 07, 2001 5:20 PM
>> > > > To: Denis Pinkas; Tom Gindin
>> > > > Cc: IETF-PKIX
>> > > > Subject: Re: Removing expired certificates from CRLs.....
>> > > >
>> > > >
>> > > >
>> > > > Denis, Tom, et al.
>> > > >
>> > > > As one of several independent originators of the idea,
>> > > > (Ambarish Malpani is
>> > > > another), I thought I ought to weigh in as well. I had
>> something
>> > > > *considerably* simpler in mind. If a CRL includes revocation
>> > > > information
>> > > > for certificates that have expired, a relying party
>> > should be able to
>> > > > determine that automatically.
>> > > >
>> > > > I would suggest a noncritical CRL extension with a single
>> > > > value of type
>> > > > GeneralizedTime. The ASN.1 syntax would be
>> > > >
>> > > > ExpiredCertsOnCRL ::= GeneralizedTime
>> > > >
>> > > > As usual with PKIX times, we would require time Zulu with
>> > > > seconds (even if
>> > > > zero).
>> > > >
>> > > > The semantics for the extension would be as follows:
>> > > >
>> > > > The scope of a CRL containing this extension is
>> > > > extended to include
>> > > > certificates that expired at the exact time specified in the
>> > > > extension or
>> > > > after that time. If limitations in the CRL's scope are
>> > specified (by
>> > > > either reason codes or by distribution points), that applies
>> > > > to expired
>> > > > certificates as well.
>> > > >
>> > > > IMHO, we shouldn't make the scope of a CRL different for
>> > expired and
>> > > > unexpired certificates. This is a simple idea - let's keep
>> > > > it that way!
>> > > >
>> > > > BTW, folks were wondering why this hasn't been pursued in
>> > > > PKIX. This idea
>> > > > has been floated a couple of times, but no one was
>> really ready to
>> > > > implement it. We needed to concentrate on the core
>> > functionality. I
>> > > > floated the idea again at one of the meetings (in San Diego?)
>> > > > and Ambarish
>> > > > said he'd had the same idea and wanted to pursue it. I asked
>> > > > him to delay
>> > > > any new work in this area until the son-of-2459 is
>> approved by the
>> > > > IESG. (Neither of us realized what a long delay we'd
>> > agreed to...)
>> > > >
>> > > > Thanks,
>> > > >
>> > > > Tim Polk
>> > > >
>> >
>>
>>
>>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8CHWSE01517 for ietf-pkix-bks; Wed, 12 Sep 2001 10:32:28 -0700 (PDT)
Received: from geos.coastside.net (geos.coastside.net [207.213.212.4]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8CHWQD01513 for <ietf-pkix@imc.org>; Wed, 12 Sep 2001 10:32:26 -0700 (PDT)
Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by geos.coastside.net (8.11.0/8.11.3) with SMTP id f8CHWKJ11753; Wed, 12 Sep 2001 10:32:20 -0700 (PDT)
From: "Michael Myers" <myers@coastside.net>
To: "Denis Pinkas" <Denis.Pinkas@bull.net>
Cc: "IETF-PKIX" <ietf-pkix@imc.org>
Subject: RE: Removing expired certificates from CRLs.....
Date: Wed, 12 Sep 2001 10:30:59 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDMEONCEAA.myers@coastside.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
In-Reply-To: <3B9F100F.2A7D2031@bull.net>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Denis,
What are your thoughts on the timeliness characteristic between OCSP and
CRLs?
Mike
Michael Myers
t: +415.819.1362
e: mailto:mike@traceroutesecurity.com
w: http://www.traceroutesecurity.com
> -----Original Message-----
> From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> Sent: Wednesday, September 12, 2001 12:35 AM
> To: Michael Myers
> Cc: IETF-PKIX
> Subject: Re: Removing expired certificates from CRLs.....
>
>
>
> > All,
> >
> > I think a unique extension creates the least impact.
> >
> > More broadly though, what's really bothering me is my sense that we're
> > backing into the notion of a 1-1 between CRLs and online status
> mechanisms.
> >
> > Assume an environment that both publishes CRLs and offers OCSP-based
> > services against the same set of certificates. What if:
> >
> > a) The CA receives a revocation request at T1;
> >
> > b) A database state variable is flipped at T1+N;
> >
> > c) An OCSP request is received at T1+N+M;
> >
> > d) An OCSP response is transmitted at T1+N+M+K;
> >
> > e) Yet the next CRL cycle won't run (i.e. the cron
> > job won't fire) until T1+X where X >> (N+M+K).
> >
> > Thus relying parties are enabled to pick and choose between CRLs or OCSP
> > depending on how it might benefit their argument for remedy
> under digital
> > signature laws.
> >
> > Thoughts, anyone?
>
> Some validation policies, like Signature policies are able to say whether
> CRLs or OCSP responses shall be used.
>
> As an example see: draft-ietf-smime-espolicies-01.txt
>
> EnuRevReq ::= ENUMERATED {
> clrCheck (0),
> --Checks must be made against current CRLs
> -- (or authority revocation lists (ARL))
> ocspCheck (1), -- The revocation status must be checked
> -- using the Online Certificate Status Protocol
> -- (OCSP),RFC 2450.
> bothCheck (2),
> -- Both CRL and OCSP checks must be carried out
> eitherCheck (3),
> -- At least one of CRL or OCSP checks must be
> -- carried out
> noCheck (4),
> -- no check is mandated
> other (5)
> -- Other mechanism as defined by signature policy
> -- extension
> }
>
> If either CRL (i.e.clrCheck) or OCSP (i.e. ocspCheck) is mandated, then
> there is no conflict between the two mechanisms.
>
> Denis
>
>
> > Mike
> >
> > Michael Myers
> > t: +415.819.1362
> > e: mailto:mike@traceroutesecurity.com
> > w: http://www.traceroutesecurity.com g
>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8C8JQj26152 for ietf-pkix-bks; Wed, 12 Sep 2001 01:19:26 -0700 (PDT)
Received: from mx11.nameplanet.com (mail@mx11.nameplanet.com [62.70.3.41]) by above.proper.com (8.11.6/8.11.3) with SMTP id f8C8JPD26148 for <ietf-pkix@imc.org>; Wed, 12 Sep 2001 01:19:25 -0700 (PDT)
Received: 12 Sep 2001 08:19:24 -0000
Received: from unknown (HELO www3.nameplanet.com) (192.168.2.43) by mx11 with SMTP; 12 Sep 2001 08:19:24 -0000
Received: (qmail 15359 invoked by uid 400); 12 Sep 2001 08:19:23 -0000
Date: 12 Sep 2001 08:19:23 -0000
Message-ID: <20010912081923.15353.qmail@www3.nameplanet.com>
From: libel@paris.md
To: ietf-pkix@imc.org
MIME-Version: 1.0
Subject: Question about TSP (rfc 3161)
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Hi,
I would like to know what are the reasons for introducing the flags "pollReq",
"pollResp" and "negPollRep" in the socket based protocol (section 3.3).
It would mean that a tsa server can divide the der code he calculated for the
response. But why would it do that?
Thanks
Libel
--
Get your firstname@lastname email for FREE at http://Nameplanet.com/?su
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8C7ZOf21285 for ietf-pkix-bks; Wed, 12 Sep 2001 00:35:24 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8C7ZMD21281 for <ietf-pkix@imc.org>; Wed, 12 Sep 2001 00:35:23 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id JAA34282; Wed, 12 Sep 2001 09:37:23 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id JAA12704; Wed, 12 Sep 2001 09:34:38 +0200
Message-ID: <3B9F100F.2A7D2031@bull.net>
Date: Wed, 12 Sep 2001 09:34:39 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: Michael Myers <myers@coastside.net>
CC: IETF-PKIX <ietf-pkix@imc.org>
Subject: Re: Removing expired certificates from CRLs.....
References: <EOEGJNFMMIBDKGFONJJDAEODCEAA.myers@coastside.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
> All,
>
> I think a unique extension creates the least impact.
>
> More broadly though, what's really bothering me is my sense that we're
> backing into the notion of a 1-1 between CRLs and online status mechanisms.
>
> Assume an environment that both publishes CRLs and offers OCSP-based
> services against the same set of certificates. What if:
>
> a) The CA receives a revocation request at T1;
>
> b) A database state variable is flipped at T1+N;
>
> c) An OCSP request is received at T1+N+M;
>
> d) An OCSP response is transmitted at T1+N+M+K;
>
> e) Yet the next CRL cycle won't run (i.e. the cron
> job won't fire) until T1+X where X >> (N+M+K).
>
> Thus relying parties are enabled to pick and choose between CRLs or OCSP
> depending on how it might benefit their argument for remedy under digital
> signature laws.
>
> Thoughts, anyone?
Some validation policies, like Signature policies are able to say whether
CRLs or OCSP responses shall be used.
As an example see: draft-ietf-smime-espolicies-01.txt
EnuRevReq ::= ENUMERATED {
clrCheck (0),
--Checks must be made against current CRLs
-- (or authority revocation lists (ARL))
ocspCheck (1), -- The revocation status must be checked
-- using the Online Certificate Status Protocol
-- (OCSP),RFC 2450.
bothCheck (2),
-- Both CRL and OCSP checks must be carried out
eitherCheck (3),
-- At least one of CRL or OCSP checks must be
-- carried out
noCheck (4),
-- no check is mandated
other (5)
-- Other mechanism as defined by signature policy
-- extension
}
If either CRL (i.e.clrCheck) or OCSP (i.e. ocspCheck) is mandated, then
there is no conflict between the two mechanisms.
Denis
> Mike
>
> Michael Myers
> t: +415.819.1362
> e: mailto:mike@traceroutesecurity.com
> w: http://www.traceroutesecurity.com g
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8C5uis06402 for ietf-pkix-bks; Tue, 11 Sep 2001 22:56:44 -0700 (PDT)
Received: from mclean.mail.mindspring.net (mclean.mail.mindspring.net [207.69.200.57]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8C5ugD06397 for <ietf-pkix@imc.org>; Tue, 11 Sep 2001 22:56:42 -0700 (PDT)
Received: from ASN-1.com (user-2ivf26u.dialup.mindspring.com [165.247.136.222]) by mclean.mail.mindspring.net (8.9.3/8.8.5) with ESMTP id BAA00052; Wed, 12 Sep 2001 01:56:43 -0400 (EDT)
Message-ID: <3B9EF8A4.68E8A126@ASN-1.com>
Date: Wed, 12 Sep 2001 01:54:44 -0400
From: Phil Griffin <phil.griffin@asn-1.com>
Organization: Griffin Consulting
X-Mailer: Mozilla 4.73 [en]C-{C-UDP; EBM-SONY1} (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Peter Williams <peterw@valicert.com>
CC: ietf-pkix@imc.org
Subject: Re: XACML OID tag?
References: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A32E@exchange.valicert.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Peter,
Peter Williams wrote:
>
>
> If one profiled X.509 to change the OCTET
> STRING of the extension type to be OCTET STRING
> (CONTAINING UTF8String ENCODED BY xml), then this
> would seem to meet the profiling rules, for
> the xml environment.
>
> Sharon would have to alter X.509 to remove
> the comment on extnValue that requires
> DER encoding of a (ASN.1) type. Her change
> could indicate that the encoding should DER
> unless profilers specify an CONTAINING
> and ENCODED BY to specify different rules.
> Obviously, the extnID can implicitely communicate the
> contents and encoding rule, when the defaults are
> not to be assumed.
Well, the OCTET STRING here could follow the current
rules, as could the value of it's content, a UTF8String.
But the UTF8String here would carry an XML markup payload.
But I was actually looking one level deeper when I wrote
this. That is, I was looking at this OCTET STRING as a
possible payload (in an Extension case at least) within
the extnID. So that would be an OCTET STRING that
contained "Payload" which contained a UTF8String that
carried XML markup.
Of course, there are other cases in ASN.1 messages where
such nesting would not be required.
> IT seems strange now to force a particular
> canonicalization scheme, given we have
> others now, more fitting the usage
> environment of (encoded) ASN.1 values.
>
> If we do this, we can avoid specifying
> extensions which bear an "OCTET STRING ASN.1
> type" (which then bear the xml-encoded
> utf8), merely to satisfy the comment
> in the standard.
Yes, ASN.1 values already have canonical encodings;
the commonly used DER, the unused (I think) CER,
a canonical PER variant, and soon CXER, a canonical
encoding variant of the XML Encoding Rules of ASN.1.
Phil
> -----Original Message-----
> From: Phil Griffin [mailto:phil.griffin@asn-1.com]
> Sent: Tuesday, September 11, 2001 3:02 PM
> To: Rich Salz
> Cc: Bob Jueneman; ietf-pkix@imc.org
> Subject: Re: XACML OID tag?
>
> Rich,
>
> CXER can be related to signing canonical XML
> encodings of ASN.1 values. It has not been
> targeted at all to the workings of XMLDSIG.
>
> But a canonical encoding of an ASN.1 value
> can be carried easily in an ASN.1 value, say
> an attribute or extension using
>
> Payload ::=
> OCTET STRING (CONTAINING UTF8String
> ENCODED BY xml)
>
> where "xml" is an object identifier. There are
> many other useful variants that can be processed
> by XML-aware ASN.1 tools.
>
> Phil Griffin
>
> Rich Salz wrote:
> >
> > How does CXER relate to the the XML Canoinicalization spec, designed as
> > part of XML DSIG?
> >
> > I hope the answer is "the same," but I doubt it. :(
> > /r$
> >
> > --
> > Zolera Systems, Your Key to Online Integrity
> > Securing Web services: XML, SOAP, Dig-sig, Encryption
> > http://www.zolera.com
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8BNwQH02164 for ietf-pkix-bks; Tue, 11 Sep 2001 16:58:26 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8BNwOD02160 for <ietf-pkix@imc.org>; Tue, 11 Sep 2001 16:58:24 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJI00C01VYLNI@ext-mail.valicert.com> for ietf-pkix@imc.org; Tue, 11 Sep 2001 16:59:09 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJI00CCJVYL3D@ext-mail.valicert.com>; Tue, 11 Sep 2001 16:59:09 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT3Z606>; Tue, 11 Sep 2001 16:51:49 -0700
Content-return: allowed
Date: Tue, 11 Sep 2001 16:51:38 -0700
From: Peter Williams <peterw@valicert.com>
Subject: RE: XACML OID tag?
To: "'Phil Griffin'" <phil.griffin@asn-1.com>
Cc: ietf-pkix@imc.org
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A32E@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
If one profiled X.509 to change the OCTET
STRING of the extension type to be OCTET STRING
(CONTAINING UTF8String ENCODED BY xml), then this
would seem to meet the profiling rules, for
the xml environment.
Sharon would have to alter X.509 to remove
the comment on extnValue that requires
DER encoding of a (ASN.1) type. Her change
could indicate that the encoding should DER
unless profilers specify an CONTAINING
and ENCODED BY to specify different rules.
Obviously, the extnID can implicitely communicate the
contents and encoding rule, when the defaults are
not to be assumed.
IT seems strange now to force a particular
canonicalization scheme, given we have
others now, more fitting the usage
environment of (encoded) ASN.1 values.
If we do this, we can avoid specifying
extensions which bear an "OCTET STRING ASN.1
type" (which then bear the xml-encoded
utf8), merely to satisfy the comment
in the standard.
-----Original Message-----
From: Phil Griffin [mailto:phil.griffin@asn-1.com]
Sent: Tuesday, September 11, 2001 3:02 PM
To: Rich Salz
Cc: Bob Jueneman; ietf-pkix@imc.org
Subject: Re: XACML OID tag?
Rich,
CXER can be related to signing canonical XML
encodings of ASN.1 values. It has not been
targeted at all to the workings of XMLDSIG.
But a canonical encoding of an ASN.1 value
can be carried easily in an ASN.1 value, say
an attribute or extension using
Payload ::=
OCTET STRING (CONTAINING UTF8String
ENCODED BY xml)
where "xml" is an object identifier. There are
many other useful variants that can be processed
by XML-aware ASN.1 tools.
Phil Griffin
Rich Salz wrote:
>
> How does CXER relate to the the XML Canoinicalization spec, designed as
> part of XML DSIG?
>
> I hope the answer is "the same," but I doubt it. :(
> /r$
>
> --
> Zolera Systems, Your Key to Online Integrity
> Securing Web services: XML, SOAP, Dig-sig, Encryption
> http://www.zolera.com
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8BMGIQ01064 for ietf-pkix-bks; Tue, 11 Sep 2001 15:16:18 -0700 (PDT)
Received: from zolera.com (IDENT:root@[63.142.188.177]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8BMGGD01060 for <ietf-pkix@imc.org>; Tue, 11 Sep 2001 15:16:16 -0700 (PDT)
Received: from zolera.com (pool-141-154-57-75.bos.east.verizon.net [141.154.57.75]) by zolera.com (8.11.0/8.11.0) with ESMTP id f8BMGTa03255; Tue, 11 Sep 2001 18:16:29 -0400
Message-ID: <3B9E8D4C.88106DC5@zolera.com>
Date: Tue, 11 Sep 2001 18:16:44 -0400
From: Rich Salz <rsalz@zolera.com>
X-Mailer: Mozilla 4.73 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Phil Griffin <phil.griffin@asn-1.com>
CC: Bob Jueneman <bjueneman@novell.com>, ietf-pkix@imc.org
Subject: Re: XACML OID tag?
References: <sb9c8a44.043@prv-mail20.provo.novell.com> <3B9D40A0.1F0F0AF2@ASN-1.com> <3B9E1B69.94EA0FF8@zolera.com> <3B9E89E9.F5DD837F@ASN-1.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
I don't know what CXER is, but my point is that the W3C already defined
a canonical XML format. It would be nice if there weren't two.
/r$
--
Zolera Systems, Securing web services (XML, SOAP, Signatures,
Encryption)
http://www.zolera.com
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8BM4Ic00942 for ietf-pkix-bks; Tue, 11 Sep 2001 15:04:18 -0700 (PDT)
Received: from maynard.mail.mindspring.net (maynard.mail.mindspring.net [207.69.200.243]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8BM4GD00937 for <ietf-pkix@imc.org>; Tue, 11 Sep 2001 15:04:16 -0700 (PDT)
Received: from ASN-1.com (user-2ivf6eu.dialup.mindspring.com [165.247.153.222]) by maynard.mail.mindspring.net (8.9.3/8.8.5) with ESMTP id SAA07815; Tue, 11 Sep 2001 18:04:14 -0400 (EDT)
Message-ID: <3B9E89E9.F5DD837F@ASN-1.com>
Date: Tue, 11 Sep 2001 18:02:17 -0400
From: Phil Griffin <phil.griffin@asn-1.com>
Organization: Griffin Consulting
X-Mailer: Mozilla 4.73 [en]C-{C-UDP; EBM-SONY1} (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Rich Salz <rsalz@zolera.com>
CC: Bob Jueneman <bjueneman@novell.com>, ietf-pkix@imc.org
Subject: Re: XACML OID tag?
References: <sb9c8a44.043@prv-mail20.provo.novell.com> <3B9D40A0.1F0F0AF2@ASN-1.com> <3B9E1B69.94EA0FF8@zolera.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Rich,
CXER can be related to signing canonical XML
encodings of ASN.1 values. It has not been
targeted at all to the workings of XMLDSIG.
But a canonical encoding of an ASN.1 value
can be carried easily in an ASN.1 value, say
an attribute or extension using
Payload ::=
OCTET STRING (CONTAINING UTF8String
ENCODED BY xml)
where "xml" is an object identifier. There are
many other useful variants that can be processed
by XML-aware ASN.1 tools.
Phil Griffin
Rich Salz wrote:
>
> How does CXER relate to the the XML Canoinicalization spec, designed as
> part of XML DSIG?
>
> I hope the answer is "the same," but I doubt it. :(
> /r$
>
> --
> Zolera Systems, Your Key to Online Integrity
> Securing Web services: XML, SOAP, Dig-sig, Encryption
> http://www.zolera.com
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8BEAZl14211 for ietf-pkix-bks; Tue, 11 Sep 2001 07:10:35 -0700 (PDT)
Received: from zolera.com (IDENT:root@[63.142.188.177]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8BEAXD14207 for <ietf-pkix@imc.org>; Tue, 11 Sep 2001 07:10:33 -0700 (PDT)
Received: from zolera.com (os390.zolera.com [10.0.1.9]) by zolera.com (8.11.0/8.11.0) with ESMTP id f8BEAna00355; Tue, 11 Sep 2001 10:10:49 -0400
Message-ID: <3B9E1B69.94EA0FF8@zolera.com>
Date: Tue, 11 Sep 2001 10:10:49 -0400
From: Rich Salz <rsalz@zolera.com>
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3-12 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Phil Griffin <phil.griffin@asn-1.com>
CC: Bob Jueneman <bjueneman@novell.com>, ietf-pkix@imc.org
Subject: Re: XACML OID tag?
References: <sb9c8a44.043@prv-mail20.provo.novell.com> <3B9D40A0.1F0F0AF2@ASN-1.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
How does CXER relate to the the XML Canoinicalization spec, designed as
part of XML DSIG?
I hope the answer is "the same," but I doubt it. :(
/r$
--
Zolera Systems, Your Key to Online Integrity
Securing Web services: XML, SOAP, Dig-sig, Encryption
http://www.zolera.com
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8BDX0t12128 for ietf-pkix-bks; Tue, 11 Sep 2001 06:33:00 -0700 (PDT)
Received: from e4.ny.us.ibm.com (e4.ny.us.ibm.com [32.97.182.104]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8BDWwD12124 for <ietf-pkix@imc.org>; Tue, 11 Sep 2001 06:32:58 -0700 (PDT)
Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.117.200.22]) by e4.ny.us.ibm.com (8.9.3/8.9.3) with ESMTP id JAA114306; Tue, 11 Sep 2001 09:30:37 -0400
Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO v4.97.1) with ESMTP id f8BDOhi34798; Tue, 11 Sep 2001 09:24:43 -0400
Importance: Normal
Subject: RE: Removing expired certificates from CRLs.....
To: Sharon Boeyen <sharon.boeyen@entrust.com>
Cc: IETF-PKIX <ietf-pkix@imc.org>
X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001
Message-ID: <OF2622E57E.12FEB1E6-ON85256AC4.0049CD8B@pok.ibm.com>
From: "Tom Gindin" <tgindin@us.ibm.com>
Date: Tue, 11 Sep 2001 09:32:53 -0400
X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.8 SPR #MIAS4UTJ8H |June 21, 2001) at 09/11/2001 09:32:52 AM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
While the rules for extensibility do indeed permit the addition of
individual fields without reference to criticality, I am not sure that they
should do so. This particular case is an extreme one because the component
which would have been added to the definition is not really critical
itself. Do we need to add guidance to the standard that components should
not be added to critical extensions without changing the OID unless the new
component's meaning is critical to the meaning of the extension whenever it
is present?
Tom Gindin
Sharon Boeyen <sharon.boeyen@entrust.com> on 09/10/2001 01:44:56 PM
To: Tom Gindin/Watson/IBM@IBMUS
cc: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, IETF-PKIX
<ietf-pkix@imc.org>
Subject: RE: Removing expired certificates from CRLs.....
Regardless of criticality, the rules for extensibility allow additional
components
to be added to existing extensions without changing the OIDs. However, I
hadn't
considered the criticality issue and in fact the IDP extension can only be
set to
critical, so that probably makes it not the most desirable place to add
this. A new
extension is probably a better way to go. Thanks for bringing up the
criticality issue.
Sharon
> -----Original Message-----
> From: Tom Gindin [mailto:tgindin@us.ibm.com]
> Sent: Monday, September 10, 2001 12:25 PM
> To: Sharon Boeyen
> Cc: 'Denis Pinkas'; IETF-PKIX
> Subject: RE: Removing expired certificates from CRLs.....
>
>
>
>
> Sharon:
>
> Like Denis, I'm in favor of a separate extension,
> especially since I
> think that excluding revocations of encryption certificates
> from retention
> is a good idea. Using the IDP makes it very advisable that
> the syntax be
> trimmed. Also, since the IDP is recommended to be critical
> by both X.509
> and PKIX, wouldn't we have to reassign its OID if we're
> adding fields to
> the syntax, even in a way that is backwards compatible? If
> so, that would
> more than neutralize any advantage to be gained by reusing a
> well-known
> extension.
>
> Tom Gindin
>
>
> Sharon Boeyen <sharon.boeyen@entrust.com>@mail.imc.org on 09/10/2001
> 11:02:03 AM
>
> Sent by: owner-ietf-pkix@mail.imc.org
>
>
> To: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, Sharon Boeyen
> <sharon.boeyen@entrust.com>
> cc: IETF-PKIX <ietf-pkix@imc.org>
> Subject: RE: Removing expired certificates from CRLs.....
>
>
> Denis, I'm not necessarily recommending one approach over the
> other, just
> raising the
> options for discussion. However, I do want to note that IDP can, but
> obviously need not, be included in a "single big" CRL just as
> it can be in
> a CRL DP. The only current component that would be likely be
> present in
> such a CRL would be the name if the IDP.
>
>
> Cheers,
> Sharon
>
>
> > -----Original Message-----
> > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> > Sent: Monday, September 10, 2001 10:19 AM
> > To: Sharon Boeyen
> > Cc: IETF-PKIX
> > Subject: Re: Removing expired certificates from CRLs.....
> >
> >
> > Sharon,
> >
> > > Tim, I like this proposal because of its simplicity and
> > given all the
> > > other variable ways we have to set up CRLs, I suspect this,
> > combined with
> > > them, gives more than enough flexibility. Does this need
> to be a new
> > > extension on its own? It could be, or it could be added as
> > an additional
> > > parameter to the IDP extension. That might be even simpler
> > - thoughts?
> >
> > As implictly said in my e-mail from this morning, I am in
> favour of an
> > independant extension, so that we do not mandate the use of
> > IDP to have that
> > additional feature. In other words, if the extension were
> > part of IDP, a
> > single big CRL could not benefit of that advantage.
> >
> > Denis
> >
> > > As for the different groups, if there is going to be a new
> > extension of
> > > this sort, I'd like it to be added to 509 and profiled by PKIX, if
> > > possible. If the PKIX groups reaches consensus on what they
> > want quickly
> > > enough, that input can be submitted on behalf of PKIX to
> > the 509 meeting
> > > later this month. The timing is very good this time.
> > >
> > > Cheers,
> > > Sharon
> > >
> > > > -----Original Message-----
> > > > From: Tim Polk [mailto:tim.polk@nist.gov]
> > > > Sent: Friday, September 07, 2001 5:20 PM
> > > > To: Denis Pinkas; Tom Gindin
> > > > Cc: IETF-PKIX
> > > > Subject: Re: Removing expired certificates from CRLs.....
> > > >
> > > >
> > > >
> > > > Denis, Tom, et al.
> > > >
> > > > As one of several independent originators of the idea,
> > > > (Ambarish Malpani is
> > > > another), I thought I ought to weigh in as well. I had
> something
> > > > *considerably* simpler in mind. If a CRL includes revocation
> > > > information
> > > > for certificates that have expired, a relying party
> > should be able to
> > > > determine that automatically.
> > > >
> > > > I would suggest a noncritical CRL extension with a single
> > > > value of type
> > > > GeneralizedTime. The ASN.1 syntax would be
> > > >
> > > > ExpiredCertsOnCRL ::= GeneralizedTime
> > > >
> > > > As usual with PKIX times, we would require time Zulu with
> > > > seconds (even if
> > > > zero).
> > > >
> > > > The semantics for the extension would be as follows:
> > > >
> > > > The scope of a CRL containing this extension is
> > > > extended to include
> > > > certificates that expired at the exact time specified in the
> > > > extension or
> > > > after that time. If limitations in the CRL's scope are
> > specified (by
> > > > either reason codes or by distribution points), that applies
> > > > to expired
> > > > certificates as well.
> > > >
> > > > IMHO, we shouldn't make the scope of a CRL different for
> > expired and
> > > > unexpired certificates. This is a simple idea - let's keep
> > > > it that way!
> > > >
> > > > BTW, folks were wondering why this hasn't been pursued in
> > > > PKIX. This idea
> > > > has been floated a couple of times, but no one was
> really ready to
> > > > implement it. We needed to concentrate on the core
> > functionality. I
> > > > floated the idea again at one of the meetings (in San Diego?)
> > > > and Ambarish
> > > > said he'd had the same idea and wanted to pursue it. I asked
> > > > him to delay
> > > > any new work in this area until the son-of-2459 is
> approved by the
> > > > IESG. (Neither of us realized what a long delay we'd
> > agreed to...)
> > > >
> > > > Thanks,
> > > >
> > > > Tim Polk
> > > >
> >
>
>
>
Received: by above.proper.com (8.11.6/8.11.3) id f8B7TQg12733 for ietf-pkix-bks; Tue, 11 Sep 2001 00:29:26 -0700 (PDT)
Received: from michael.checkpoint.com (michael.checkpoint.com [199.203.73.68]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8B7TPD12722 for <ietf-pkix@imc.org>; Tue, 11 Sep 2001 00:29:25 -0700 (PDT)
Received: from earl (localhost [127.0.0.1]) by michael.checkpoint.com (8.9.3/8.9.1) with SMTP id JAA02463; Tue, 11 Sep 2001 09:29:18 +0200 (IST)
From: "Avi Gozlan" <avi@checkpoint.com>
To: <ietf-pkix@imc.org>
Subject: CMC issue - CA identification
Date: Tue, 11 Sep 2001 10:32:48 +0300
Message-ID: <002001c13a93$f57ba850$148d96d4@checkpoint.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Hello,
CMC supplies the identityProof mechanism, by which a CA can immidiately and
automatically identify a CMC client. However, there are no means by which
the CA identifies itself to the CMC client. According to section 4.4 of RFC
2797, clients must explicitly approve trust of the included self-signed
certificate.
In the cases where the identityProof machanism is used the end entity and
the CA share a secret. The secret can be used to authenticate the reply as
well as the request.
Following is a proposal that utilizes this mechanism in the reply.
This way of authentication has some advantages:
- Same strength of authentication on the client side as on the CA side
- More secure - users are not always familiar with approving a CA or its
fingerprint
- Easier to use, no user intervention is required for CA identification
Is it possible that such an automatic identification proof will be added to
CMC (or descendant)?
Here is the proposal:
1. The buffer of the self-signed certificate in the "certificate" portion of
the signedData is the value to be validated
2. A SHA1 hash of the token is computed.
3. An HMAC-SHA1 value is then computed over the value produced in Step 1,
using the hash of the token from Step 2 as the shared secret value
4. The 160-bit-HMAC-SHA1 result from Step 3 is then encoded as the value of
the identityProof attribute.
When the client verifies the identityProof attribute, it extracts the
self-signed certificate from the chain included in the "certificate" portion
of the signedData. It then computes the HMAC-SHA1 value in the same way and
compares it to the identityProof attribute contained in the enrollment
request.
Thanks,
Avi Gozlan
PKI team
Check Point Software Technologies LTD.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8AMpdB26725 for ietf-pkix-bks; Mon, 10 Sep 2001 15:51:39 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8AMpbD26632 for <ietf-pkix@imc.org>; Mon, 10 Sep 2001 15:51:37 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJG00701Y7A9I@ext-mail.valicert.com> for ietf-pkix@imc.org; Mon, 10 Sep 2001 15:52:22 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJG006IOY79NI@ext-mail.valicert.com>; Mon, 10 Sep 2001 15:52:21 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT3ZYD2>; Mon, 10 Sep 2001 15:45:04 -0700
Content-return: allowed
Date: Mon, 10 Sep 2001 15:44:54 -0700
From: Ryan Hurst <ryanh@valicert.com>
Subject: RE: Removing expired certificates from CRLs.....
To: "'Michael Myers'" <myers@coastside.net>, IETF-PKIX <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE27B@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Michael --
Your point that there is not necessarily a 1-1 relationship is
valid, however it is not uncommon for a responder to receive its revocation
information from CRLs and in this case there could be such a relationship.
Additionally since the overall goal in this case is the same for both OCSP
and CRLs; why not just use them same model to solve the problem?
Ryan
-----Original Message-----
From: Michael Myers [mailto:myers@coastside.net]
Sent: Monday, September 10, 2001 2:28 PM
To: IETF-PKIX
Subject: RE: Removing expired certificates from CRLs.....
All,
I think a unique extension creates the least impact.
More broadly though, what's really bothering me is my sense that we're
backing into the notion of a 1-1 between CRLs and online status mechanisms.
Assume an environment that both publishes CRLs and offers OCSP-based
services against the same set of certificates. What if:
a) The CA receives a revocation request at T1;
b) A database state variable is flipped at T1+N;
c) An OCSP request is received at T1+N+M;
d) An OCSP response is transmitted at T1+N+M+K;
e) Yet the next CRL cycle won't run (i.e. the cron
job won't fire) until T1+X where X >> (N+M+K).
Thus relying parties are enabled to pick and choose between CRLs or OCSP
depending on how it might benefit their argument for remedy under digital
signature laws.
Thoughts, anyone?
Mike
Michael Myers
t: +415.819.1362
e: mailto:mike@traceroutesecurity.com
w: http://www.traceroutesecurity.com g
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8AMdXG28021 for ietf-pkix-bks; Mon, 10 Sep 2001 15:39:33 -0700 (PDT)
Received: from granger.mail.mindspring.net (granger.mail.mindspring.net [207.69.200.148]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8AMdUD27855 for <ietf-pkix@imc.org>; Mon, 10 Sep 2001 15:39:30 -0700 (PDT)
Received: from ASN-1.com (user-2ivf0sm.dialup.mindspring.com [165.247.131.150]) by granger.mail.mindspring.net (8.9.3/8.8.5) with ESMTP id SAA17775; Mon, 10 Sep 2001 18:39:20 -0400 (EDT)
Message-ID: <3B9D40A0.1F0F0AF2@ASN-1.com>
Date: Mon, 10 Sep 2001 18:37:20 -0400
From: Phil Griffin <phil.griffin@asn-1.com>
Organization: Griffin Consulting
X-Mailer: Mozilla 4.73 [en]C-{C-UDP; EBM-SONY1} (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Bob Jueneman <bjueneman@novell.com>
CC: ietf-pkix@imc.org
Subject: Re: XACML OID tag?
References: <sb9c8a44.043@prv-mail20.provo.novell.com>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Bob,
Not sure if this is exactly what you're getting at,
but XML 1.0 markup is now a textual encoding of ASN.1
values based on ASN.1 notation (schema) and a new
part of the ASN.1 standards.
XER is the XML Encoding Rules of ASN.1, and CXER
is a canonical form of XER, in the same manner that
DER is a canonical encoding of BER. CXER is suitable
for the same types of operations. I'm told that tool
support is will be available from vendors in the
fourth quarter of this year.
The new ASN.1 XML Value Notation is an alternative
to the ASN.1 Basic Notation which will be much more
familiar and natural to use for many folks. The values
are equivalent to current ASN.1 abstract values. This
means that it will be possible to send compact binary
encodings over the wire, but to decode them into more
verbose XML markup. Alternatively, the same abstract
values can be transferred as XML markup.
See http://asn1.elibel.tm.fr/en/xml/index.htm for
more information. This page will be updated soon with
the meeting results and accomplishments of the last
two weeks in Bangalore India as soon as folks recover
from travel.
There will be several new OIDs defined in the ASN.1
standards; one to identify XML. Another being kicked
about will identify gZIPed encoded values. These OIDs
will be built into the standards.
Phil Griffin
Bob Jueneman wrote:
>
> This is join to sound like heresy, but has anyone defined an OID tag for XACML, so that an XACML string could be included in a X.509 certificate?
>
> Now, I fully expect to be assailed from both sides for this question ¯ one for mixing XML into a bastardized certificate format instead of using pure ASN.1 as God obviously intended, and the other for daring to pour holy XML into such an impure, defiled, and unclean vessel as an X.509 certificate.
>
> So be it, and let the flames begin.
>
> But I'm observing that conventional, identity-based PKI is suffering what the medical community calls a "failure to thrive", with the sole exception being SSL certificates issued by the TTP CAs, with VeriSign obviously having the mind share in that space.
>
> Toolkits which would provide enterprises to issue their own certificates have so far failed to take off to any significant degree (ours included), with the consequence that some of those vendors, who once flew so high, are close to being delisted by the NASDAQ.
>
> One of the reasons, I believe, is that the neither the public TTPs nor the toolkit vendors have so far adequately addressed the important issue of providing a cross-enterprise Privilege Management Infrastructure solution. And now that they are feeling a very significant financial pinch, they may not have the wherewithal to solve that problem.
>
> Maybe it's just the religion of the week (XML) creating an evangelistic fervor, but that's where the buzz seems to be these days. And I'd rather drop some XACML into an X.509 certificate and make use of the existing tools, rather than create everything from scratch. And yes, if X.509 attribute certificates had been better thought out and/or more widely implemented, maybe this wouldn't be necessary. And if pigs could whistle and cows could fly, then the world would be a much different place.
>
> Anyway, does anyone have such an OID and a suggested way to use it? If not, I guess I'll explore rolling my own, unless someone else wants to join in the fun.
>
> Bob
>
> Robert R. Jueneman
> Security Architect
>
> Novell, Inc -- the leading provider of Net services software
>
> ------------------------------------------------------------------------
>
> Bob Jueneman.vcfName: Bob Jueneman.vcf
> Type: Plain Text (text/plain)
Received: by above.proper.com (8.11.6/8.11.3) id f8ALSwn08382 for ietf-pkix-bks; Mon, 10 Sep 2001 14:28:58 -0700 (PDT)
Received: from geos.coastside.net (geos.coastside.net [207.213.212.4]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8ALSuD08376 for <ietf-pkix@imc.org>; Mon, 10 Sep 2001 14:28:56 -0700 (PDT)
Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by geos.coastside.net (8.11.0/8.11.3) with SMTP id f8ALSvJ26555 for <ietf-pkix@imc.org>; Mon, 10 Sep 2001 14:28:57 -0700 (PDT)
From: "Michael Myers" <myers@coastside.net>
To: "IETF-PKIX" <ietf-pkix@imc.org>
Subject: RE: Removing expired certificates from CRLs.....
Date: Mon, 10 Sep 2001 14:27:37 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDAEODCEAA.myers@coastside.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
In-Reply-To: <9A4F653B0A375841AC75A8D17712B9C9B2733C@sottmxs04.entrust.com>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
All,
I think a unique extension creates the least impact.
More broadly though, what's really bothering me is my sense that we're
backing into the notion of a 1-1 between CRLs and online status mechanisms.
Assume an environment that both publishes CRLs and offers OCSP-based
services against the same set of certificates. What if:
a) The CA receives a revocation request at T1;
b) A database state variable is flipped at T1+N;
c) An OCSP request is received at T1+N+M;
d) An OCSP response is transmitted at T1+N+M+K;
e) Yet the next CRL cycle won't run (i.e. the cron
job won't fire) until T1+X where X >> (N+M+K).
Thus relying parties are enabled to pick and choose between CRLs or OCSP
depending on how it might benefit their argument for remedy under digital
signature laws.
Thoughts, anyone?
Mike
Michael Myers
t: +415.819.1362
e: mailto:mike@traceroutesecurity.com
w: http://www.traceroutesecurity.com g
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8AJV2i05022 for ietf-pkix-bks; Mon, 10 Sep 2001 12:31:02 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8AJV0D05012 for <ietf-pkix@imc.org>; Mon, 10 Sep 2001 12:31:01 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJG00601OWW6G@ext-mail.valicert.com> for ietf-pkix@imc.org; Mon, 10 Sep 2001 12:31:44 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJG005LAOWVEK@ext-mail.valicert.com>; Mon, 10 Sep 2001 12:31:44 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT3ZXJT>; Mon, 10 Sep 2001 12:24:27 -0700
Content-return: allowed
Date: Mon, 10 Sep 2001 12:24:24 -0700
From: Ryan Hurst <ryanh@valicert.com>
Subject: RE: Removing expired certificates from CRLs.....
To: "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'Tim Polk'" <tim.polk@nist.gov>, Denis Pinkas <Denis.Pinkas@bull.net>, Tom Gindin <tgindin@us.ibm.com>
Cc: IETF-PKIX <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE26E@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: multipart/alternative; boundary="Boundary_(ID_SnLtbEzNOftJ3a9c4FnrxA)"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
--Boundary_(ID_SnLtbEzNOftJ3a9c4FnrxA)
Content-type: text/plain
Sharon -
I would rather see this as a separate extension, traditionally
you will only see IDPs in partitioned CRLs and since this would be
independent of that it seems simpler to keep it separate.
Ryan
-----Original Message-----
From: Sharon Boeyen [mailto:sharon.boeyen@entrust.com]
Sent: Monday, September 10, 2001 7:10 AM
To: 'Tim Polk'; Denis Pinkas; Tom Gindin
Cc: IETF-PKIX
Subject: RE: Removing expired certificates from CRLs.....
Tim, I like this proposal because of its simplicity and given all the other
variable ways we have to set up CRLs, I suspect this, combined with them,
gives more than enough flexibility. Does this need to be a new extension on
its own? It could be, or it could be added as an additional parameter to the
IDP extension. That might be even simpler - thoughts?
As for the different groups, if there is going to be a new extension of this
sort, I'd like it to be added to 509 and profiled by PKIX, if possible. If
the PKIX groups reaches consensus on what they want quickly enough, that
input can be submitted on behalf of PKIX to the 509 meeting later this
month. The timing is very good this time.
Cheers,
Sharon
> -----Original Message-----
> From: Tim Polk [mailto:tim.polk@nist.gov <mailto:tim.polk@nist.gov> ]
> Sent: Friday, September 07, 2001 5:20 PM
> To: Denis Pinkas; Tom Gindin
> Cc: IETF-PKIX
> Subject: Re: Removing expired certificates from CRLs.....
>
>
>
> Denis, Tom, et al.
>
> As one of several independent originators of the idea,
> (Ambarish Malpani is
> another), I thought I ought to weigh in as well. I had something
> *considerably* simpler in mind. If a CRL includes revocation
> information
> for certificates that have expired, a relying party should be able to
> determine that automatically.
>
> I would suggest a noncritical CRL extension with a single
> value of type
> GeneralizedTime. The ASN.1 syntax would be
>
> ExpiredCertsOnCRL ::= GeneralizedTime
>
> As usual with PKIX times, we would require time Zulu with
> seconds (even if
> zero).
>
> The semantics for the extension would be as follows:
>
> The scope of a CRL containing this extension is
> extended to include
> certificates that expired at the exact time specified in the
> extension or
> after that time. If limitations in the CRL's scope are specified (by
> either reason codes or by distribution points), that applies
> to expired
> certificates as well.
>
> IMHO, we shouldn't make the scope of a CRL different for expired and
> unexpired certificates. This is a simple idea - let's keep
> it that way!
>
> BTW, folks were wondering why this hasn't been pursued in
> PKIX. This idea
> has been floated a couple of times, but no one was really ready to
> implement it. We needed to concentrate on the core functionality. I
> floated the idea again at one of the meetings (in San Diego?)
> and Ambarish
> said he'd had the same idea and wanted to pursue it. I asked
> him to delay
> any new work in this area until the son-of-2459 is approved by the
> IESG. (Neither of us realized what a long delay we'd agreed to...)
>
> Thanks,
>
> Tim Polk
>
--Boundary_(ID_SnLtbEzNOftJ3a9c4FnrxA)
Content-type: text/html
Content-transfer-encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<meta name=3DProgId content=3DWord.Document>
<meta name=3DGenerator content=3D"Microsoft Word 10">
<meta name=3DOriginator content=3D"Microsoft Word 10">
<link rel=3DFile-List href=3D"cid:filelist.xml@01C139F4.52454780">
<title>RE: Removing expired certificates from CRLs.....</title>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"City"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"place"/>
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:GrammarState>Clean</w:GrammarState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:Compatibility>
<w:UseFELayout/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;
mso-font-alt:\5B8B\4F53;
mso-font-charset:134;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 135135232 16 0 262145 0;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:553679495 -2147483648 8 0 66047 0;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;
mso-font-charset:134;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 135135232 16 0 262145 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:SimSun;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;
text-underline:single;}
p
{mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:SimSun;}
span.EmailStyle18
{mso-style-type:personal-reply;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:navy;}
span.SpellE
{mso-style-name:"";
mso-spl-e:yes;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
/* Style Definitions */=20
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]-->
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dblue =
style=3D'tab-interval:.5in'>
<div class=3DSection1>
<p class=3DMsoNormal><st1:City><st1:place><font size=3D2 color=3Dnavy =
face=3DArial><span
=
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>Sharon</span></f=
ont></st1:place></st1:City><font
size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;
color:navy'> -<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><span =
style=3D'mso-tab-count:1'> &nbs=
p; </span>I
would rather see this as a separate extension, traditionally you will =
only see <span
class=3DSpellE>IDPs</span> in partitioned <span =
class=3DSpellE>CRLs</span> and
since this would be independent of that it seems simpler to keep it =
separate.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Ryan<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original =
Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b> Sharon Boeyen
[mailto:sharon.boeyen@entrust.com] <br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Monday, September =
10, 2001
7:10 AM<br>
<b><span style=3D'font-weight:bold'>To:</span></b> 'Tim Polk'; Denis =
Pinkas; Tom
Gindin<br>
<b><span style=3D'font-weight:bold'>Cc:</span></b> IETF-PKIX<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> RE: Removing =
expired
certificates from CRLs.....</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'><o:p> </o:p></span></font></p>
<p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New =
Roman"><span
style=3D'font-size:10.0pt'>Tim, I like this proposal because of its =
simplicity
and given all the other variable ways we have to set up CRLs, I suspect =
this,
combined with them, gives more than enough flexibility. Does this need =
to be a
new extension on its own? It could be, or it could be added as an =
additional
parameter to the IDP extension. That might be even simpler - =
thoughts?</span></font><o:p></o:p></p>
<p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New =
Roman"><span
style=3D'font-size:10.0pt'>As for the different groups, if there is =
going to be a
new extension of this sort, I'd like it to be added to 509 and profiled =
by
PKIX, if possible. If the PKIX groups reaches consensus on what they =
want
quickly enough, that input can be submitted on behalf of PKIX to the =
509
meeting later this month. The timing is very good this =
time.</span></font><o:p></o:p></p>
<p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New =
Roman"><span
style=3D'font-size:10.0pt'>Cheers,</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>Sharon</span></font> =
<o:p></o:p></p>
<p style=3D'margin-left:.5in'><font size=3D2 face=3D"Times New =
Roman"><span
style=3D'font-size:10.0pt'>> -----Original =
Message-----</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> From: Tim Polk [<a
href=3D"mailto:tim.polk@nist.gov">mailto:tim.polk@nist.gov</a>]</span></=
font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> Sent: Friday, =
September 07,
2001 5:20 PM</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> To: Denis Pinkas; =
Tom Gindin</span></font>
<br>
<font size=3D2><span style=3D'font-size:10.0pt'>> Cc: =
IETF-PKIX</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> Subject: Re: =
Removing expired
certificates from CRLs.....</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> Denis, Tom, et =
al.</span></font>
<br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> As one of several =
independent
originators of the idea, </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> (Ambarish Malpani =
is </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> another), I =
thought I ought to
weigh in as well. I had something </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> *considerably* =
simpler in
mind. If a CRL includes revocation </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> information =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> for certificates =
that have
expired, a relying party should be able to </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> determine that =
automatically.</span></font>
<br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> I would suggest a =
noncritical
CRL extension with a single </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> value of type =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> =
GeneralizedTime.
The ASN.1 syntax would be</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> =
ExpiredCertsOnCRL ::=3D GeneralizedTime</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> As usual with PKIX =
times, we
would require time Zulu with </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> seconds (even if =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> =
zero).</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> The semantics for =
the
extension would be as follows:</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> =
The scope of a CRL containing this extension is </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> extended to =
include </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> certificates that =
expired
at the exact time specified in the </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> extension or =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> after that =
time. If
limitations in the CRL's scope are specified (by </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> either reason =
codes or by
distribution points), that applies </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> to expired =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> certificates as =
well.</span></font>
<br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> IMHO, we shouldn't =
make the
scope of a CRL different for expired and </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> unexpired =
certificates.
This is a simple idea - let's keep </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> it that =
way!</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> BTW, folks were =
wondering why
this hasn't been pursued in </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> PKIX. This =
idea </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> has been floated a =
couple of
times, but no one was really ready to </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> implement =
it. We needed
to concentrate on the core functionality. I </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> floated the idea =
again at one
of the meetings (in San Diego?) </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> and Ambarish =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> said he'd had the =
same idea
and wanted to pursue it. I asked </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> him to delay =
</span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> any new work in =
this area
until the son-of-2459 is approved by the </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> IESG. =
(Neither of us
realized what a long delay we'd agreed to...)</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> =
Thanks,</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> </span></font><br>
<font size=3D2><span style=3D'font-size:10.0pt'>> Tim =
Polk</span></font> <br>
<font size=3D2><span style=3D'font-size:10.0pt'>> =
</span></font><o:p></o:p></p>
</div>
</body>
</html>
--Boundary_(ID_SnLtbEzNOftJ3a9c4FnrxA)--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8AHj6j02404 for ietf-pkix-bks; Mon, 10 Sep 2001 10:45:06 -0700 (PDT)
Received: from SOTTMXS01.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8AHj3D02400 for <ietf-pkix@imc.org>; Mon, 10 Sep 2001 10:45:03 -0700 (PDT)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2650.21) id <SSWH8Z3C>; Mon, 10 Sep 2001 13:44:58 -0400
Message-ID: <9A4F653B0A375841AC75A8D17712B9C9B2733C@sottmxs04.entrust.com>
From: Sharon Boeyen <sharon.boeyen@entrust.com>
To: "'Tom Gindin'" <tgindin@us.ibm.com>
Cc: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, IETF-PKIX <ietf-pkix@imc.org>
Subject: RE: Removing expired certificates from CRLs.....
Date: Mon, 10 Sep 2001 13:44:56 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C13A20.4E2470A0"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C13A20.4E2470A0
Content-Type: text/plain
Regardless of criticality, the rules for extensibility allow additional
components
to be added to existing extensions without changing the OIDs. However, I
hadn't
considered the criticality issue and in fact the IDP extension can only be
set to
critical, so that probably makes it not the most desirable place to add
this. A new
extension is probably a better way to go. Thanks for bringing up the
criticality issue.
Sharon
> -----Original Message-----
> From: Tom Gindin [mailto:tgindin@us.ibm.com]
> Sent: Monday, September 10, 2001 12:25 PM
> To: Sharon Boeyen
> Cc: 'Denis Pinkas'; IETF-PKIX
> Subject: RE: Removing expired certificates from CRLs.....
>
>
>
>
> Sharon:
>
> Like Denis, I'm in favor of a separate extension,
> especially since I
> think that excluding revocations of encryption certificates
> from retention
> is a good idea. Using the IDP makes it very advisable that
> the syntax be
> trimmed. Also, since the IDP is recommended to be critical
> by both X.509
> and PKIX, wouldn't we have to reassign its OID if we're
> adding fields to
> the syntax, even in a way that is backwards compatible? If
> so, that would
> more than neutralize any advantage to be gained by reusing a
> well-known
> extension.
>
> Tom Gindin
>
>
> Sharon Boeyen <sharon.boeyen@entrust.com>@mail.imc.org on 09/10/2001
> 11:02:03 AM
>
> Sent by: owner-ietf-pkix@mail.imc.org
>
>
> To: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, Sharon Boeyen
> <sharon.boeyen@entrust.com>
> cc: IETF-PKIX <ietf-pkix@imc.org>
> Subject: RE: Removing expired certificates from CRLs.....
>
>
> Denis, I'm not necessarily recommending one approach over the
> other, just
> raising the
> options for discussion. However, I do want to note that IDP can, but
> obviously need not, be included in a "single big" CRL just as
> it can be in
> a CRL DP. The only current component that would be likely be
> present in
> such a CRL would be the name if the IDP.
>
>
> Cheers,
> Sharon
>
>
> > -----Original Message-----
> > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> > Sent: Monday, September 10, 2001 10:19 AM
> > To: Sharon Boeyen
> > Cc: IETF-PKIX
> > Subject: Re: Removing expired certificates from CRLs.....
> >
> >
> > Sharon,
> >
> > > Tim, I like this proposal because of its simplicity and
> > given all the
> > > other variable ways we have to set up CRLs, I suspect this,
> > combined with
> > > them, gives more than enough flexibility. Does this need
> to be a new
> > > extension on its own? It could be, or it could be added as
> > an additional
> > > parameter to the IDP extension. That might be even simpler
> > - thoughts?
> >
> > As implictly said in my e-mail from this morning, I am in
> favour of an
> > independant extension, so that we do not mandate the use of
> > IDP to have that
> > additional feature. In other words, if the extension were
> > part of IDP, a
> > single big CRL could not benefit of that advantage.
> >
> > Denis
> >
> > > As for the different groups, if there is going to be a new
> > extension of
> > > this sort, I'd like it to be added to 509 and profiled by PKIX, if
> > > possible. If the PKIX groups reaches consensus on what they
> > want quickly
> > > enough, that input can be submitted on behalf of PKIX to
> > the 509 meeting
> > > later this month. The timing is very good this time.
> > >
> > > Cheers,
> > > Sharon
> > >
> > > > -----Original Message-----
> > > > From: Tim Polk [mailto:tim.polk@nist.gov]
> > > > Sent: Friday, September 07, 2001 5:20 PM
> > > > To: Denis Pinkas; Tom Gindin
> > > > Cc: IETF-PKIX
> > > > Subject: Re: Removing expired certificates from CRLs.....
> > > >
> > > >
> > > >
> > > > Denis, Tom, et al.
> > > >
> > > > As one of several independent originators of the idea,
> > > > (Ambarish Malpani is
> > > > another), I thought I ought to weigh in as well. I had
> something
> > > > *considerably* simpler in mind. If a CRL includes revocation
> > > > information
> > > > for certificates that have expired, a relying party
> > should be able to
> > > > determine that automatically.
> > > >
> > > > I would suggest a noncritical CRL extension with a single
> > > > value of type
> > > > GeneralizedTime. The ASN.1 syntax would be
> > > >
> > > > ExpiredCertsOnCRL ::= GeneralizedTime
> > > >
> > > > As usual with PKIX times, we would require time Zulu with
> > > > seconds (even if
> > > > zero).
> > > >
> > > > The semantics for the extension would be as follows:
> > > >
> > > > The scope of a CRL containing this extension is
> > > > extended to include
> > > > certificates that expired at the exact time specified in the
> > > > extension or
> > > > after that time. If limitations in the CRL's scope are
> > specified (by
> > > > either reason codes or by distribution points), that applies
> > > > to expired
> > > > certificates as well.
> > > >
> > > > IMHO, we shouldn't make the scope of a CRL different for
> > expired and
> > > > unexpired certificates. This is a simple idea - let's keep
> > > > it that way!
> > > >
> > > > BTW, folks were wondering why this hasn't been pursued in
> > > > PKIX. This idea
> > > > has been floated a couple of times, but no one was
> really ready to
> > > > implement it. We needed to concentrate on the core
> > functionality. I
> > > > floated the idea again at one of the meetings (in San Diego?)
> > > > and Ambarish
> > > > said he'd had the same idea and wanted to pursue it. I asked
> > > > him to delay
> > > > any new work in this area until the son-of-2459 is
> approved by the
> > > > IESG. (Neither of us realized what a long delay we'd
> > agreed to...)
> > > >
> > > > Thanks,
> > > >
> > > > Tim Polk
> > > >
> >
>
>
>
------_=_NextPart_001_01C13A20.4E2470A0
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=US-ASCII">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2652.35">
<TITLE>RE: Removing expired certificates from CRLs.....</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>Regardless of criticality, the rules for extensibility allow additional components</FONT>
<BR><FONT SIZE=2>to be added to existing extensions without changing the OIDs. However, I hadn't </FONT>
<BR><FONT SIZE=2>considered the criticality issue and in fact the IDP extension can only be set to </FONT>
<BR><FONT SIZE=2>critical, so that probably makes it not the most desirable place to add this. A new</FONT>
<BR><FONT SIZE=2>extension is probably a better way to go. Thanks for bringing up the criticality issue.</FONT>
</P>
<P><FONT SIZE=2>Sharon</FONT>
</P>
<P><FONT SIZE=2>> -----Original Message-----</FONT>
<BR><FONT SIZE=2>> From: Tom Gindin [<A HREF="mailto:tgindin@us.ibm.com">mailto:tgindin@us.ibm.com</A>]</FONT>
<BR><FONT SIZE=2>> Sent: Monday, September 10, 2001 12:25 PM</FONT>
<BR><FONT SIZE=2>> To: Sharon Boeyen</FONT>
<BR><FONT SIZE=2>> Cc: 'Denis Pinkas'; IETF-PKIX</FONT>
<BR><FONT SIZE=2>> Subject: RE: Removing expired certificates from CRLs.....</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> Sharon:</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> Like Denis, I'm in favor of a separate extension, </FONT>
<BR><FONT SIZE=2>> especially since I</FONT>
<BR><FONT SIZE=2>> think that excluding revocations of encryption certificates </FONT>
<BR><FONT SIZE=2>> from retention</FONT>
<BR><FONT SIZE=2>> is a good idea. Using the IDP makes it very advisable that </FONT>
<BR><FONT SIZE=2>> the syntax be</FONT>
<BR><FONT SIZE=2>> trimmed. Also, since the IDP is recommended to be critical </FONT>
<BR><FONT SIZE=2>> by both X.509</FONT>
<BR><FONT SIZE=2>> and PKIX, wouldn't we have to reassign its OID if we're </FONT>
<BR><FONT SIZE=2>> adding fields to</FONT>
<BR><FONT SIZE=2>> the syntax, even in a way that is backwards compatible? If </FONT>
<BR><FONT SIZE=2>> so, that would</FONT>
<BR><FONT SIZE=2>> more than neutralize any advantage to be gained by reusing a </FONT>
<BR><FONT SIZE=2>> well-known</FONT>
<BR><FONT SIZE=2>> extension.</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> Tom Gindin</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> Sharon Boeyen <sharon.boeyen@entrust.com>@mail.imc.org on 09/10/2001</FONT>
<BR><FONT SIZE=2>> 11:02:03 AM</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> Sent by: owner-ietf-pkix@mail.imc.org</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> To: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, Sharon Boeyen</FONT>
<BR><FONT SIZE=2>> <sharon.boeyen@entrust.com></FONT>
<BR><FONT SIZE=2>> cc: IETF-PKIX <ietf-pkix@imc.org></FONT>
<BR><FONT SIZE=2>> Subject: RE: Removing expired certificates from CRLs.....</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> Denis, I'm not necessarily recommending one approach over the </FONT>
<BR><FONT SIZE=2>> other, just</FONT>
<BR><FONT SIZE=2>> raising the</FONT>
<BR><FONT SIZE=2>> options for discussion. However, I do want to note that IDP can, but</FONT>
<BR><FONT SIZE=2>> obviously need not, be included in a "single big" CRL just as </FONT>
<BR><FONT SIZE=2>> it can be in</FONT>
<BR><FONT SIZE=2>> a CRL DP. The only current component that would be likely be </FONT>
<BR><FONT SIZE=2>> present in</FONT>
<BR><FONT SIZE=2>> such a CRL would be the name if the IDP.</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> Cheers,</FONT>
<BR><FONT SIZE=2>> Sharon</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> > -----Original Message-----</FONT>
<BR><FONT SIZE=2>> > From: Denis Pinkas [<A HREF="mailto:Denis.Pinkas@bull.net">mailto:Denis.Pinkas@bull.net</A>]</FONT>
<BR><FONT SIZE=2>> > Sent: Monday, September 10, 2001 10:19 AM</FONT>
<BR><FONT SIZE=2>> > To: Sharon Boeyen</FONT>
<BR><FONT SIZE=2>> > Cc: IETF-PKIX</FONT>
<BR><FONT SIZE=2>> > Subject: Re: Removing expired certificates from CRLs.....</FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> > Sharon,</FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> > > Tim, I like this proposal because of its simplicity and</FONT>
<BR><FONT SIZE=2>> > given all the</FONT>
<BR><FONT SIZE=2>> > > other variable ways we have to set up CRLs, I suspect this,</FONT>
<BR><FONT SIZE=2>> > combined with</FONT>
<BR><FONT SIZE=2>> > > them, gives more than enough flexibility. Does this need </FONT>
<BR><FONT SIZE=2>> to be a new</FONT>
<BR><FONT SIZE=2>> > > extension on its own? It could be, or it could be added as</FONT>
<BR><FONT SIZE=2>> > an additional</FONT>
<BR><FONT SIZE=2>> > > parameter to the IDP extension. That might be even simpler</FONT>
<BR><FONT SIZE=2>> > - thoughts?</FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> > As implictly said in my e-mail from this morning, I am in </FONT>
<BR><FONT SIZE=2>> favour of an</FONT>
<BR><FONT SIZE=2>> > independant extension, so that we do not mandate the use of</FONT>
<BR><FONT SIZE=2>> > IDP to have that</FONT>
<BR><FONT SIZE=2>> > additional feature. In other words, if the extension were</FONT>
<BR><FONT SIZE=2>> > part of IDP, a</FONT>
<BR><FONT SIZE=2>> > single big CRL could not benefit of that advantage.</FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> > Denis</FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> > > As for the different groups, if there is going to be a new</FONT>
<BR><FONT SIZE=2>> > extension of</FONT>
<BR><FONT SIZE=2>> > > this sort, I'd like it to be added to 509 and profiled by PKIX, if</FONT>
<BR><FONT SIZE=2>> > > possible. If the PKIX groups reaches consensus on what they</FONT>
<BR><FONT SIZE=2>> > want quickly</FONT>
<BR><FONT SIZE=2>> > > enough, that input can be submitted on behalf of PKIX to</FONT>
<BR><FONT SIZE=2>> > the 509 meeting</FONT>
<BR><FONT SIZE=2>> > > later this month. The timing is very good this time.</FONT>
<BR><FONT SIZE=2>> > ></FONT>
<BR><FONT SIZE=2>> > > Cheers,</FONT>
<BR><FONT SIZE=2>> > > Sharon</FONT>
<BR><FONT SIZE=2>> > ></FONT>
<BR><FONT SIZE=2>> > > > -----Original Message-----</FONT>
<BR><FONT SIZE=2>> > > > From: Tim Polk [<A HREF="mailto:tim.polk@nist.gov">mailto:tim.polk@nist.gov</A>]</FONT>
<BR><FONT SIZE=2>> > > > Sent: Friday, September 07, 2001 5:20 PM</FONT>
<BR><FONT SIZE=2>> > > > To: Denis Pinkas; Tom Gindin</FONT>
<BR><FONT SIZE=2>> > > > Cc: IETF-PKIX</FONT>
<BR><FONT SIZE=2>> > > > Subject: Re: Removing expired certificates from CRLs.....</FONT>
<BR><FONT SIZE=2>> > > ></FONT>
<BR><FONT SIZE=2>> > > ></FONT>
<BR><FONT SIZE=2>> > > ></FONT>
<BR><FONT SIZE=2>> > > > Denis, Tom, et al.</FONT>
<BR><FONT SIZE=2>> > > ></FONT>
<BR><FONT SIZE=2>> > > > As one of several independent originators of the idea,</FONT>
<BR><FONT SIZE=2>> > > > (Ambarish Malpani is</FONT>
<BR><FONT SIZE=2>> > > > another), I thought I ought to weigh in as well. I had </FONT>
<BR><FONT SIZE=2>> something</FONT>
<BR><FONT SIZE=2>> > > > *considerably* simpler in mind. If a CRL includes revocation</FONT>
<BR><FONT SIZE=2>> > > > information</FONT>
<BR><FONT SIZE=2>> > > > for certificates that have expired, a relying party</FONT>
<BR><FONT SIZE=2>> > should be able to</FONT>
<BR><FONT SIZE=2>> > > > determine that automatically.</FONT>
<BR><FONT SIZE=2>> > > ></FONT>
<BR><FONT SIZE=2>> > > > I would suggest a noncritical CRL extension with a single</FONT>
<BR><FONT SIZE=2>> > > > value of type</FONT>
<BR><FONT SIZE=2>> > > > GeneralizedTime. The ASN.1 syntax would be</FONT>
<BR><FONT SIZE=2>> > > ></FONT>
<BR><FONT SIZE=2>> > > > ExpiredCertsOnCRL ::= GeneralizedTime</FONT>
<BR><FONT SIZE=2>> > > ></FONT>
<BR><FONT SIZE=2>> > > > As usual with PKIX times, we would require time Zulu with</FONT>
<BR><FONT SIZE=2>> > > > seconds (even if</FONT>
<BR><FONT SIZE=2>> > > > zero).</FONT>
<BR><FONT SIZE=2>> > > ></FONT>
<BR><FONT SIZE=2>> > > > The semantics for the extension would be as follows:</FONT>
<BR><FONT SIZE=2>> > > ></FONT>
<BR><FONT SIZE=2>> > > > The scope of a CRL containing this extension is</FONT>
<BR><FONT SIZE=2>> > > > extended to include</FONT>
<BR><FONT SIZE=2>> > > > certificates that expired at the exact time specified in the</FONT>
<BR><FONT SIZE=2>> > > > extension or</FONT>
<BR><FONT SIZE=2>> > > > after that time. If limitations in the CRL's scope are</FONT>
<BR><FONT SIZE=2>> > specified (by</FONT>
<BR><FONT SIZE=2>> > > > either reason codes or by distribution points), that applies</FONT>
<BR><FONT SIZE=2>> > > > to expired</FONT>
<BR><FONT SIZE=2>> > > > certificates as well.</FONT>
<BR><FONT SIZE=2>> > > ></FONT>
<BR><FONT SIZE=2>> > > > IMHO, we shouldn't make the scope of a CRL different for</FONT>
<BR><FONT SIZE=2>> > expired and</FONT>
<BR><FONT SIZE=2>> > > > unexpired certificates. This is a simple idea - let's keep</FONT>
<BR><FONT SIZE=2>> > > > it that way!</FONT>
<BR><FONT SIZE=2>> > > ></FONT>
<BR><FONT SIZE=2>> > > > BTW, folks were wondering why this hasn't been pursued in</FONT>
<BR><FONT SIZE=2>> > > > PKIX. This idea</FONT>
<BR><FONT SIZE=2>> > > > has been floated a couple of times, but no one was </FONT>
<BR><FONT SIZE=2>> really ready to</FONT>
<BR><FONT SIZE=2>> > > > implement it. We needed to concentrate on the core</FONT>
<BR><FONT SIZE=2>> > functionality. I</FONT>
<BR><FONT SIZE=2>> > > > floated the idea again at one of the meetings (in San Diego?)</FONT>
<BR><FONT SIZE=2>> > > > and Ambarish</FONT>
<BR><FONT SIZE=2>> > > > said he'd had the same idea and wanted to pursue it. I asked</FONT>
<BR><FONT SIZE=2>> > > > him to delay</FONT>
<BR><FONT SIZE=2>> > > > any new work in this area until the son-of-2459 is </FONT>
<BR><FONT SIZE=2>> approved by the</FONT>
<BR><FONT SIZE=2>> > > > IESG. (Neither of us realized what a long delay we'd</FONT>
<BR><FONT SIZE=2>> > agreed to...)</FONT>
<BR><FONT SIZE=2>> > > ></FONT>
<BR><FONT SIZE=2>> > > > Thanks,</FONT>
<BR><FONT SIZE=2>> > > ></FONT>
<BR><FONT SIZE=2>> > > > Tim Polk</FONT>
<BR><FONT SIZE=2>> > > ></FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C13A20.4E2470A0--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8AGTHB00289 for ietf-pkix-bks; Mon, 10 Sep 2001 09:29:17 -0700 (PDT)
Received: from e4.ny.us.ibm.com (e4.ny.us.ibm.com [32.97.182.104]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8AGTFD00284 for <ietf-pkix@imc.org>; Mon, 10 Sep 2001 09:29:15 -0700 (PDT)
Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.117.200.22]) by e4.ny.us.ibm.com (8.9.3/8.9.3) with ESMTP id MAA153134; Mon, 10 Sep 2001 12:26:46 -0400
Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO v4.97.1) with ESMTP id f8AGGVd160892; Mon, 10 Sep 2001 12:16:46 -0400
Importance: Normal
Subject: RE: Removing expired certificates from CRLs.....
To: Sharon Boeyen <sharon.boeyen@entrust.com>
Cc: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, IETF-PKIX <ietf-pkix@imc.org>
X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001
Message-ID: <OF35FFA708.E652D3D0-ON85256AC3.005999E2@pok.ibm.com>
From: "Tom Gindin" <tgindin@us.ibm.com>
Date: Mon, 10 Sep 2001 12:24:32 -0400
X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.8 SPR #MIAS4UTJ8H |June 21, 2001) at 09/10/2001 12:24:54 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Sharon:
Like Denis, I'm in favor of a separate extension, especially since I
think that excluding revocations of encryption certificates from retention
is a good idea. Using the IDP makes it very advisable that the syntax be
trimmed. Also, since the IDP is recommended to be critical by both X.509
and PKIX, wouldn't we have to reassign its OID if we're adding fields to
the syntax, even in a way that is backwards compatible? If so, that would
more than neutralize any advantage to be gained by reusing a well-known
extension.
Tom Gindin
Sharon Boeyen <sharon.boeyen@entrust.com>@mail.imc.org on 09/10/2001
11:02:03 AM
Sent by: owner-ietf-pkix@mail.imc.org
To: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, Sharon Boeyen
<sharon.boeyen@entrust.com>
cc: IETF-PKIX <ietf-pkix@imc.org>
Subject: RE: Removing expired certificates from CRLs.....
Denis, I'm not necessarily recommending one approach over the other, just
raising the
options for discussion. However, I do want to note that IDP can, but
obviously need not, be included in a "single big" CRL just as it can be in
a CRL DP. The only current component that would be likely be present in
such a CRL would be the name if the IDP.
Cheers,
Sharon
> -----Original Message-----
> From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> Sent: Monday, September 10, 2001 10:19 AM
> To: Sharon Boeyen
> Cc: IETF-PKIX
> Subject: Re: Removing expired certificates from CRLs.....
>
>
> Sharon,
>
> > Tim, I like this proposal because of its simplicity and
> given all the
> > other variable ways we have to set up CRLs, I suspect this,
> combined with
> > them, gives more than enough flexibility. Does this need to be a new
> > extension on its own? It could be, or it could be added as
> an additional
> > parameter to the IDP extension. That might be even simpler
> - thoughts?
>
> As implictly said in my e-mail from this morning, I am in favour of an
> independant extension, so that we do not mandate the use of
> IDP to have that
> additional feature. In other words, if the extension were
> part of IDP, a
> single big CRL could not benefit of that advantage.
>
> Denis
>
> > As for the different groups, if there is going to be a new
> extension of
> > this sort, I'd like it to be added to 509 and profiled by PKIX, if
> > possible. If the PKIX groups reaches consensus on what they
> want quickly
> > enough, that input can be submitted on behalf of PKIX to
> the 509 meeting
> > later this month. The timing is very good this time.
> >
> > Cheers,
> > Sharon
> >
> > > -----Original Message-----
> > > From: Tim Polk [mailto:tim.polk@nist.gov]
> > > Sent: Friday, September 07, 2001 5:20 PM
> > > To: Denis Pinkas; Tom Gindin
> > > Cc: IETF-PKIX
> > > Subject: Re: Removing expired certificates from CRLs.....
> > >
> > >
> > >
> > > Denis, Tom, et al.
> > >
> > > As one of several independent originators of the idea,
> > > (Ambarish Malpani is
> > > another), I thought I ought to weigh in as well. I had something
> > > *considerably* simpler in mind. If a CRL includes revocation
> > > information
> > > for certificates that have expired, a relying party
> should be able to
> > > determine that automatically.
> > >
> > > I would suggest a noncritical CRL extension with a single
> > > value of type
> > > GeneralizedTime. The ASN.1 syntax would be
> > >
> > > ExpiredCertsOnCRL ::= GeneralizedTime
> > >
> > > As usual with PKIX times, we would require time Zulu with
> > > seconds (even if
> > > zero).
> > >
> > > The semantics for the extension would be as follows:
> > >
> > > The scope of a CRL containing this extension is
> > > extended to include
> > > certificates that expired at the exact time specified in the
> > > extension or
> > > after that time. If limitations in the CRL's scope are
> specified (by
> > > either reason codes or by distribution points), that applies
> > > to expired
> > > certificates as well.
> > >
> > > IMHO, we shouldn't make the scope of a CRL different for
> expired and
> > > unexpired certificates. This is a simple idea - let's keep
> > > it that way!
> > >
> > > BTW, folks were wondering why this hasn't been pursued in
> > > PKIX. This idea
> > > has been floated a couple of times, but no one was really ready to
> > > implement it. We needed to concentrate on the core
> functionality. I
> > > floated the idea again at one of the meetings (in San Diego?)
> > > and Ambarish
> > > said he'd had the same idea and wanted to pursue it. I asked
> > > him to delay
> > > any new work in this area until the son-of-2459 is approved by the
> > > IESG. (Neither of us realized what a long delay we'd
> agreed to...)
> > >
> > > Thanks,
> > >
> > > Tim Polk
> > >
>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8AFdHs25088 for ietf-pkix-bks; Mon, 10 Sep 2001 08:39:17 -0700 (PDT)
Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8AFdED25077 for <ietf-pkix@imc.org>; Mon, 10 Sep 2001 08:39:14 -0700 (PDT)
Received: from INET-PRV-MTA by prv-mail20.provo.novell.com with Novell_GroupWise; Mon, 10 Sep 2001 09:39:16 -0600
Message-Id: <sb9c8a44.043@prv-mail20.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 6.0
Date: Mon, 10 Sep 2001 09:41:42 -0600
From: "Bob Jueneman" <bjueneman@novell.com>
To: <ietf-pkix@imc.org>
Subject: XACML OID tag?
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=_A5FF0FB4.B6D7B504"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This is a MIME message. If you are reading this text, you may want to
consider changing to a mail reader or gateway that understands how to
properly handle MIME multipart messages.
--=_A5FF0FB4.B6D7B504
Content-Type: text/plain; charset=ISO-8859-7
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
This is join to sound like heresy, but has anyone defined an OID tag for =
XACML, so that an XACML string could be included in a X.509 certificate?
Now, I fully expect to be assailed from both sides for this question =AF =
one for mixing XML into a bastardized certificate format instead of using =
pure ASN.1 as God obviously intended, and the other for daring to pour =
holy XML into such an impure, defiled, and unclean vessel as an X.509 =
certificate.
So be it, and let the flames begin.
But I'm observing that conventional, identity-based PKI is suffering what =
the medical community calls a "failure to thrive", with the sole exception =
being SSL certificates issued by the TTP CAs, with VeriSign obviously =
having the mind share in that space.
Toolkits which would provide enterprises to issue their own certificates =
have so far failed to take off to any significant degree (ours included), =
with the consequence that some of those vendors, who once flew so high, =
are close to being delisted by the NASDAQ.
One of the reasons, I believe, is that the neither the public TTPs nor the =
toolkit vendors have so far adequately addressed the important issue of =
providing a cross-enterprise Privilege Management Infrastructure solution. =
And now that they are feeling a very significant financial pinch, they =
may not have the wherewithal to solve that problem.
Maybe it's just the religion of the week (XML) creating an evangelistic =
fervor, but that's where the buzz seems to be these days. And I'd rather =
drop some XACML into an X.509 certificate and make use of the existing =
tools, rather than create everything from scratch. And yes, if X.509 =
attribute certificates had been better thought out and/or more widely =
implemented, maybe this wouldn't be necessary. And if pigs could whistle =
and cows could fly, then the world would be a much different place.
Anyway, does anyone have such an OID and a suggested way to use it? If =
not, I guess I'll explore rolling my own, unless someone else wants to =
join in the fun.
Bob
Robert R. Jueneman
Security Architect
Novell, Inc -- the leading provider of Net services software
--=_A5FF0FB4.B6D7B504
Content-Type: text/plain
Content-Disposition: attachment; filename="Bob Jueneman.vcf"
BEGIN:VCARD
VERSION:2.1
X-GWTYPE:USER
FN:Bob Jueneman
TEL;WORK:01-801/861-7387
ORG:Novell Inc. -- the leading provider of Net services software;DS eBusiness Solutions
TEL;PREF;FAX:01-801/861-2522
EMAIL;WORK;PREF;NGW:BJUENEMAN@novell.com
N:Jueneman;Bob
TITLE:Consultant Engineer
ADR;INTL;WORK;PARCEL;POSTAL:;;Novell, Inc.\n1800 South Novell Place\n;Provo;Utah;84606;USA
LABEL;INTL;WORK;PARCEL;POSTAL;ENCODING=QUOTED-PRINTABLE:Bob Jueneman=0A=
Novell, Inc.=0A=
1800 South Novell Place=0A=
=0A=
Provo, Utah 84606=0A=
USA
LABEL;DOM;WORK;PARCEL;POSTAL;ENCODING=QUOTED-PRINTABLE:Bob Jueneman=0A=
Novell, Inc.=0A=
1800 South Novell Place=0A=
=0A=
Provo, Utah 84606
END:VCARD
BEGIN:VCARD
VERSION:2.1
X-GWTYPE:USER
FN:Robert R. Jueneman
TEL;WORK:01-801/861-7387
ORG:Novell, Inc.;DS eBusiness Solutions
TEL;PREF;FAX:01-801/861-2522
EMAIL;WORK;PREF;NGW:BJUENEMAN@novell.com
N:Jueneman;Bob
TITLE:Consultant Engineer
ADR;INTL;WORK;PARCEL;POSTAL:;PRV-F331;122 E. 1700 South;Provo;Utah;84606;USA
LABEL;INTL;WORK;PARCEL;POSTAL;ENCODING=QUOTED-PRINTABLE:Robert R. Jueneman=0A=
PRV-F331=0A=
122 E. 1700 South=0A=
Provo, Utah 84606=0A=
USA
LABEL;DOM;WORK;PARCEL;POSTAL;ENCODING=QUOTED-PRINTABLE:Robert R. Jueneman=0A=
PRV-F331=0A=
122 E. 1700 South=0A=
Provo, Utah 84606
TEL;HOME:1-801-765-4378
TEL;CELL:1-801-361-1410
TEL;PREF:1-801-861-7387, 1-800-453-1267
END:VCARD
--=_A5FF0FB4.B6D7B504--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8AF2Do22918 for ietf-pkix-bks; Mon, 10 Sep 2001 08:02:13 -0700 (PDT)
Received: from SOTTMXS01.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8AF29D22905 for <ietf-pkix@imc.org>; Mon, 10 Sep 2001 08:02:10 -0700 (PDT)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2650.21) id <SSWH8WWK>; Mon, 10 Sep 2001 11:02:04 -0400
Message-ID: <9A4F653B0A375841AC75A8D17712B9C9B2733A@sottmxs04.entrust.com>
From: Sharon Boeyen <sharon.boeyen@entrust.com>
To: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, Sharon Boeyen <sharon.boeyen@entrust.com>
Cc: IETF-PKIX <ietf-pkix@imc.org>
Subject: RE: Removing expired certificates from CRLs.....
Date: Mon, 10 Sep 2001 11:02:03 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C13A09.8D15D720"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C13A09.8D15D720
Content-Type: text/plain
Denis, I'm not necessarily recommending one approach over the other, just
raising the
options for discussion. However, I do want to note that IDP can, but
obviously need not, be included in a "single big" CRL just as it can be in a
CRL DP. The only current component that would be likely be present in such a
CRL would be the name if the IDP.
Cheers,
Sharon
> -----Original Message-----
> From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> Sent: Monday, September 10, 2001 10:19 AM
> To: Sharon Boeyen
> Cc: IETF-PKIX
> Subject: Re: Removing expired certificates from CRLs.....
>
>
> Sharon,
>
> > Tim, I like this proposal because of its simplicity and
> given all the
> > other variable ways we have to set up CRLs, I suspect this,
> combined with
> > them, gives more than enough flexibility. Does this need to be a new
> > extension on its own? It could be, or it could be added as
> an additional
> > parameter to the IDP extension. That might be even simpler
> - thoughts?
>
> As implictly said in my e-mail from this morning, I am in favour of an
> independant extension, so that we do not mandate the use of
> IDP to have that
> additional feature. In other words, if the extension were
> part of IDP, a
> single big CRL could not benefit of that advantage.
>
> Denis
>
> > As for the different groups, if there is going to be a new
> extension of
> > this sort, I'd like it to be added to 509 and profiled by PKIX, if
> > possible. If the PKIX groups reaches consensus on what they
> want quickly
> > enough, that input can be submitted on behalf of PKIX to
> the 509 meeting
> > later this month. The timing is very good this time.
> >
> > Cheers,
> > Sharon
> >
> > > -----Original Message-----
> > > From: Tim Polk [mailto:tim.polk@nist.gov]
> > > Sent: Friday, September 07, 2001 5:20 PM
> > > To: Denis Pinkas; Tom Gindin
> > > Cc: IETF-PKIX
> > > Subject: Re: Removing expired certificates from CRLs.....
> > >
> > >
> > >
> > > Denis, Tom, et al.
> > >
> > > As one of several independent originators of the idea,
> > > (Ambarish Malpani is
> > > another), I thought I ought to weigh in as well. I had something
> > > *considerably* simpler in mind. If a CRL includes revocation
> > > information
> > > for certificates that have expired, a relying party
> should be able to
> > > determine that automatically.
> > >
> > > I would suggest a noncritical CRL extension with a single
> > > value of type
> > > GeneralizedTime. The ASN.1 syntax would be
> > >
> > > ExpiredCertsOnCRL ::= GeneralizedTime
> > >
> > > As usual with PKIX times, we would require time Zulu with
> > > seconds (even if
> > > zero).
> > >
> > > The semantics for the extension would be as follows:
> > >
> > > The scope of a CRL containing this extension is
> > > extended to include
> > > certificates that expired at the exact time specified in the
> > > extension or
> > > after that time. If limitations in the CRL's scope are
> specified (by
> > > either reason codes or by distribution points), that applies
> > > to expired
> > > certificates as well.
> > >
> > > IMHO, we shouldn't make the scope of a CRL different for
> expired and
> > > unexpired certificates. This is a simple idea - let's keep
> > > it that way!
> > >
> > > BTW, folks were wondering why this hasn't been pursued in
> > > PKIX. This idea
> > > has been floated a couple of times, but no one was really ready to
> > > implement it. We needed to concentrate on the core
> functionality. I
> > > floated the idea again at one of the meetings (in San Diego?)
> > > and Ambarish
> > > said he'd had the same idea and wanted to pursue it. I asked
> > > him to delay
> > > any new work in this area until the son-of-2459 is approved by the
> > > IESG. (Neither of us realized what a long delay we'd
> agreed to...)
> > >
> > > Thanks,
> > >
> > > Tim Polk
> > >
>
------_=_NextPart_001_01C13A09.8D15D720
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2652.35">
<TITLE>RE: Removing expired certificates from CRLs.....</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=3D2>Denis, I'm not necessarily recommending one approach =
over the other, just raising the </FONT>
<BR><FONT SIZE=3D2>options for discussion. However, I do want to note =
that IDP can, but obviously need not, be included in a "single =
big" CRL just as it can be in a CRL DP. The only current component =
that would be likely be present in such a CRL would be the name if the =
IDP. </FONT></P>
<P><FONT SIZE=3D2>Cheers,</FONT>
<BR><FONT SIZE=3D2>Sharon</FONT>
</P>
<P><FONT SIZE=3D2>> -----Original Message-----</FONT>
<BR><FONT SIZE=3D2>> From: Denis Pinkas [<A =
HREF=3D"mailto:Denis.Pinkas@bull.net">mailto:Denis.Pinkas@bull.net</A>]<=
/FONT>
<BR><FONT SIZE=3D2>> Sent: Monday, September 10, 2001 10:19 =
AM</FONT>
<BR><FONT SIZE=3D2>> To: Sharon Boeyen</FONT>
<BR><FONT SIZE=3D2>> Cc: IETF-PKIX</FONT>
<BR><FONT SIZE=3D2>> Subject: Re: Removing expired certificates from =
CRLs.....</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Sharon,</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> > Tim, I like this proposal because of its =
simplicity and </FONT>
<BR><FONT SIZE=3D2>> given all the</FONT>
<BR><FONT SIZE=3D2>> > other variable ways we have to set up =
CRLs, I suspect this, </FONT>
<BR><FONT SIZE=3D2>> combined with</FONT>
<BR><FONT SIZE=3D2>> > them, gives more than enough flexibility. =
Does this need to be a new</FONT>
<BR><FONT SIZE=3D2>> > extension on its own? It could be, or it =
could be added as </FONT>
<BR><FONT SIZE=3D2>> an additional</FONT>
<BR><FONT SIZE=3D2>> > parameter to the IDP extension. That might =
be even simpler </FONT>
<BR><FONT SIZE=3D2>> - thoughts?</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> As implictly said in my e-mail from this =
morning, I am in favour of an</FONT>
<BR><FONT SIZE=3D2>> independant extension, so that we do not =
mandate the use of </FONT>
<BR><FONT SIZE=3D2>> IDP to have that</FONT>
<BR><FONT SIZE=3D2>> additional feature. In other words, if the =
extension were </FONT>
<BR><FONT SIZE=3D2>> part of IDP, a</FONT>
<BR><FONT SIZE=3D2>> single big CRL could not benefit of that =
advantage.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Denis</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> > As for the different groups, if there is =
going to be a new </FONT>
<BR><FONT SIZE=3D2>> extension of</FONT>
<BR><FONT SIZE=3D2>> > this sort, I'd like it to be added to 509 =
and profiled by PKIX, if</FONT>
<BR><FONT SIZE=3D2>> > possible. If the PKIX groups reaches =
consensus on what they </FONT>
<BR><FONT SIZE=3D2>> want quickly</FONT>
<BR><FONT SIZE=3D2>> > enough, that input can be submitted on =
behalf of PKIX to </FONT>
<BR><FONT SIZE=3D2>> the 509 meeting</FONT>
<BR><FONT SIZE=3D2>> > later this month. The timing is very good =
this time.</FONT>
<BR><FONT SIZE=3D2>> > </FONT>
<BR><FONT SIZE=3D2>> > Cheers,</FONT>
<BR><FONT SIZE=3D2>> > Sharon</FONT>
<BR><FONT SIZE=3D2>> > </FONT>
<BR><FONT SIZE=3D2>> > > -----Original Message-----</FONT>
<BR><FONT SIZE=3D2>> > > From: Tim Polk [<A =
HREF=3D"mailto:tim.polk@nist.gov">mailto:tim.polk@nist.gov</A>]</FONT>
<BR><FONT SIZE=3D2>> > > Sent: Friday, September 07, 2001 5:20 =
PM</FONT>
<BR><FONT SIZE=3D2>> > > To: Denis Pinkas; Tom Gindin</FONT>
<BR><FONT SIZE=3D2>> > > Cc: IETF-PKIX</FONT>
<BR><FONT SIZE=3D2>> > > Subject: Re: Removing expired =
certificates from CRLs.....</FONT>
<BR><FONT SIZE=3D2>> > ></FONT>
<BR><FONT SIZE=3D2>> > ></FONT>
<BR><FONT SIZE=3D2>> > ></FONT>
<BR><FONT SIZE=3D2>> > > Denis, Tom, et al.</FONT>
<BR><FONT SIZE=3D2>> > ></FONT>
<BR><FONT SIZE=3D2>> > > As one of several independent =
originators of the idea,</FONT>
<BR><FONT SIZE=3D2>> > > (Ambarish Malpani is</FONT>
<BR><FONT SIZE=3D2>> > > another), I thought I ought to weigh =
in as well. I had something</FONT>
<BR><FONT SIZE=3D2>> > > *considerably* simpler in mind. =
If a CRL includes revocation</FONT>
<BR><FONT SIZE=3D2>> > > information</FONT>
<BR><FONT SIZE=3D2>> > > for certificates that have expired, a =
relying party </FONT>
<BR><FONT SIZE=3D2>> should be able to</FONT>
<BR><FONT SIZE=3D2>> > > determine that automatically.</FONT>
<BR><FONT SIZE=3D2>> > ></FONT>
<BR><FONT SIZE=3D2>> > > I would suggest a noncritical CRL =
extension with a single</FONT>
<BR><FONT SIZE=3D2>> > > value of type</FONT>
<BR><FONT SIZE=3D2>> > > GeneralizedTime. The =
ASN.1 syntax would be</FONT>
<BR><FONT SIZE=3D2>> > ></FONT>
<BR><FONT SIZE=3D2>> > > =
ExpiredCertsOnCRL ::=3D GeneralizedTime</FONT>
<BR><FONT SIZE=3D2>> > ></FONT>
<BR><FONT SIZE=3D2>> > > As usual with PKIX times, we would =
require time Zulu with</FONT>
<BR><FONT SIZE=3D2>> > > seconds (even if</FONT>
<BR><FONT SIZE=3D2>> > > zero).</FONT>
<BR><FONT SIZE=3D2>> > ></FONT>
<BR><FONT SIZE=3D2>> > > The semantics for the extension would =
be as follows:</FONT>
<BR><FONT SIZE=3D2>> > ></FONT>
<BR><FONT SIZE=3D2>> > > =
The scope of a CRL containing this extension is</FONT>
<BR><FONT SIZE=3D2>> > > extended to include</FONT>
<BR><FONT SIZE=3D2>> > > certificates that expired at =
the exact time specified in the</FONT>
<BR><FONT SIZE=3D2>> > > extension or</FONT>
<BR><FONT SIZE=3D2>> > > after that time. If limitations =
in the CRL's scope are </FONT>
<BR><FONT SIZE=3D2>> specified (by</FONT>
<BR><FONT SIZE=3D2>> > > either reason codes or by =
distribution points), that applies</FONT>
<BR><FONT SIZE=3D2>> > > to expired</FONT>
<BR><FONT SIZE=3D2>> > > certificates as well.</FONT>
<BR><FONT SIZE=3D2>> > ></FONT>
<BR><FONT SIZE=3D2>> > > IMHO, we shouldn't make the scope of =
a CRL different for </FONT>
<BR><FONT SIZE=3D2>> expired and</FONT>
<BR><FONT SIZE=3D2>> > > unexpired certificates. This is =
a simple idea - let's keep</FONT>
<BR><FONT SIZE=3D2>> > > it that way!</FONT>
<BR><FONT SIZE=3D2>> > ></FONT>
<BR><FONT SIZE=3D2>> > > BTW, folks were wondering why this =
hasn't been pursued in</FONT>
<BR><FONT SIZE=3D2>> > > PKIX. This idea</FONT>
<BR><FONT SIZE=3D2>> > > has been floated a couple of times, =
but no one was really ready to</FONT>
<BR><FONT SIZE=3D2>> > > implement it. We needed to =
concentrate on the core </FONT>
<BR><FONT SIZE=3D2>> functionality. I</FONT>
<BR><FONT SIZE=3D2>> > > floated the idea again at one of the =
meetings (in San Diego?)</FONT>
<BR><FONT SIZE=3D2>> > > and Ambarish</FONT>
<BR><FONT SIZE=3D2>> > > said he'd had the same idea and =
wanted to pursue it. I asked</FONT>
<BR><FONT SIZE=3D2>> > > him to delay</FONT>
<BR><FONT SIZE=3D2>> > > any new work in this area until the =
son-of-2459 is approved by the</FONT>
<BR><FONT SIZE=3D2>> > > IESG. (Neither of us realized =
what a long delay we'd </FONT>
<BR><FONT SIZE=3D2>> agreed to...)</FONT>
<BR><FONT SIZE=3D2>> > ></FONT>
<BR><FONT SIZE=3D2>> > > Thanks,</FONT>
<BR><FONT SIZE=3D2>> > ></FONT>
<BR><FONT SIZE=3D2>> > > Tim Polk</FONT>
<BR><FONT SIZE=3D2>> > ></FONT>
<BR><FONT SIZE=3D2>> </FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C13A09.8D15D720--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8AEMJ418962 for ietf-pkix-bks; Mon, 10 Sep 2001 07:22:19 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8AEMFD18958 for <ietf-pkix@imc.org>; Mon, 10 Sep 2001 07:22:15 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id QAA12858; Mon, 10 Sep 2001 16:23:01 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id QAA16286; Mon, 10 Sep 2001 16:20:25 +0200
Message-ID: <3B9CCBEB.92481A39@bull.net>
Date: Mon, 10 Sep 2001 16:19:23 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: Sharon Boeyen <sharon.boeyen@entrust.com>
CC: IETF-PKIX <ietf-pkix@imc.org>
Subject: Re: Removing expired certificates from CRLs.....
References: <9A4F653B0A375841AC75A8D17712B9C9B27338@sottmxs04.entrust.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Sharon,
> Tim, I like this proposal because of its simplicity and given all the
> other variable ways we have to set up CRLs, I suspect this, combined with
> them, gives more than enough flexibility. Does this need to be a new
> extension on its own? It could be, or it could be added as an additional
> parameter to the IDP extension. That might be even simpler - thoughts?
As implictly said in my e-mail from this morning, I am in favour of an
independant extension, so that we do not mandate the use of IDP to have that
additional feature. In other words, if the extension were part of IDP, a
single big CRL could not benefit of that advantage.
Denis
> As for the different groups, if there is going to be a new extension of
> this sort, I'd like it to be added to 509 and profiled by PKIX, if
> possible. If the PKIX groups reaches consensus on what they want quickly
> enough, that input can be submitted on behalf of PKIX to the 509 meeting
> later this month. The timing is very good this time.
>
> Cheers,
> Sharon
>
> > -----Original Message-----
> > From: Tim Polk [mailto:tim.polk@nist.gov]
> > Sent: Friday, September 07, 2001 5:20 PM
> > To: Denis Pinkas; Tom Gindin
> > Cc: IETF-PKIX
> > Subject: Re: Removing expired certificates from CRLs.....
> >
> >
> >
> > Denis, Tom, et al.
> >
> > As one of several independent originators of the idea,
> > (Ambarish Malpani is
> > another), I thought I ought to weigh in as well. I had something
> > *considerably* simpler in mind. If a CRL includes revocation
> > information
> > for certificates that have expired, a relying party should be able to
> > determine that automatically.
> >
> > I would suggest a noncritical CRL extension with a single
> > value of type
> > GeneralizedTime. The ASN.1 syntax would be
> >
> > ExpiredCertsOnCRL ::= GeneralizedTime
> >
> > As usual with PKIX times, we would require time Zulu with
> > seconds (even if
> > zero).
> >
> > The semantics for the extension would be as follows:
> >
> > The scope of a CRL containing this extension is
> > extended to include
> > certificates that expired at the exact time specified in the
> > extension or
> > after that time. If limitations in the CRL's scope are specified (by
> > either reason codes or by distribution points), that applies
> > to expired
> > certificates as well.
> >
> > IMHO, we shouldn't make the scope of a CRL different for expired and
> > unexpired certificates. This is a simple idea - let's keep
> > it that way!
> >
> > BTW, folks were wondering why this hasn't been pursued in
> > PKIX. This idea
> > has been floated a couple of times, but no one was really ready to
> > implement it. We needed to concentrate on the core functionality. I
> > floated the idea again at one of the meetings (in San Diego?)
> > and Ambarish
> > said he'd had the same idea and wanted to pursue it. I asked
> > him to delay
> > any new work in this area until the son-of-2459 is approved by the
> > IESG. (Neither of us realized what a long delay we'd agreed to...)
> >
> > Thanks,
> >
> > Tim Polk
> >
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8AEA7M18722 for ietf-pkix-bks; Mon, 10 Sep 2001 07:10:07 -0700 (PDT)
Received: from sottmxs02.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8AEA4D18716 for <ietf-pkix@imc.org>; Mon, 10 Sep 2001 07:10:04 -0700 (PDT)
Received: by sottmxs02.entrust.com with Internet Mail Service (5.5.2650.21) id <SSXMWX78>; Mon, 10 Sep 2001 10:09:58 -0400
Message-ID: <9A4F653B0A375841AC75A8D17712B9C9B27338@sottmxs04.entrust.com>
From: Sharon Boeyen <sharon.boeyen@entrust.com>
To: "'Tim Polk'" <tim.polk@nist.gov>, Denis Pinkas <Denis.Pinkas@bull.net>, Tom Gindin <tgindin@us.ibm.com>
Cc: IETF-PKIX <ietf-pkix@imc.org>
Subject: RE: Removing expired certificates from CRLs.....
Date: Mon, 10 Sep 2001 10:09:57 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C13A02.45A680D0"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C13A02.45A680D0
Content-Type: text/plain
Tim, I like this proposal because of its simplicity and given all the other
variable ways we have to set up CRLs, I suspect this, combined with them,
gives more than enough flexibility. Does this need to be a new extension on
its own? It could be, or it could be added as an additional parameter to the
IDP extension. That might be even simpler - thoughts?
As for the different groups, if there is going to be a new extension of this
sort, I'd like it to be added to 509 and profiled by PKIX, if possible. If
the PKIX groups reaches consensus on what they want quickly enough, that
input can be submitted on behalf of PKIX to the 509 meeting later this
month. The timing is very good this time.
Cheers,
Sharon
> -----Original Message-----
> From: Tim Polk [mailto:tim.polk@nist.gov]
> Sent: Friday, September 07, 2001 5:20 PM
> To: Denis Pinkas; Tom Gindin
> Cc: IETF-PKIX
> Subject: Re: Removing expired certificates from CRLs.....
>
>
>
> Denis, Tom, et al.
>
> As one of several independent originators of the idea,
> (Ambarish Malpani is
> another), I thought I ought to weigh in as well. I had something
> *considerably* simpler in mind. If a CRL includes revocation
> information
> for certificates that have expired, a relying party should be able to
> determine that automatically.
>
> I would suggest a noncritical CRL extension with a single
> value of type
> GeneralizedTime. The ASN.1 syntax would be
>
> ExpiredCertsOnCRL ::= GeneralizedTime
>
> As usual with PKIX times, we would require time Zulu with
> seconds (even if
> zero).
>
> The semantics for the extension would be as follows:
>
> The scope of a CRL containing this extension is
> extended to include
> certificates that expired at the exact time specified in the
> extension or
> after that time. If limitations in the CRL's scope are specified (by
> either reason codes or by distribution points), that applies
> to expired
> certificates as well.
>
> IMHO, we shouldn't make the scope of a CRL different for expired and
> unexpired certificates. This is a simple idea - let's keep
> it that way!
>
> BTW, folks were wondering why this hasn't been pursued in
> PKIX. This idea
> has been floated a couple of times, but no one was really ready to
> implement it. We needed to concentrate on the core functionality. I
> floated the idea again at one of the meetings (in San Diego?)
> and Ambarish
> said he'd had the same idea and wanted to pursue it. I asked
> him to delay
> any new work in this area until the son-of-2459 is approved by the
> IESG. (Neither of us realized what a long delay we'd agreed to...)
>
> Thanks,
>
> Tim Polk
>
------_=_NextPart_001_01C13A02.45A680D0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2652.35">
<TITLE>RE: Removing expired certificates from CRLs.....</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=3D2>Tim, I like this proposal because of its simplicity =
and given all the other variable ways we have to set up CRLs, I suspect =
this, combined with them, gives more than enough flexibility. Does this =
need to be a new extension on its own? It could be, or it could be =
added as an additional parameter to the IDP extension. That might be =
even simpler - thoughts?</FONT></P>
<P><FONT SIZE=3D2>As for the different groups, if there is going to be =
a new extension of this sort, I'd like it to be added to 509 and =
profiled by PKIX, if possible. If the PKIX groups reaches consensus on =
what they want quickly enough, that input can be submitted on behalf of =
PKIX to the 509 meeting later this month. The timing is very good this =
time.</FONT></P>
<P><FONT SIZE=3D2>Cheers,</FONT>
<BR><FONT SIZE=3D2>Sharon</FONT>
</P>
<P><FONT SIZE=3D2>> -----Original Message-----</FONT>
<BR><FONT SIZE=3D2>> From: Tim Polk [<A =
HREF=3D"mailto:tim.polk@nist.gov">mailto:tim.polk@nist.gov</A>]</FONT>
<BR><FONT SIZE=3D2>> Sent: Friday, September 07, 2001 5:20 PM</FONT>
<BR><FONT SIZE=3D2>> To: Denis Pinkas; Tom Gindin</FONT>
<BR><FONT SIZE=3D2>> Cc: IETF-PKIX</FONT>
<BR><FONT SIZE=3D2>> Subject: Re: Removing expired certificates from =
CRLs.....</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Denis, Tom, et al.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> As one of several independent originators of =
the idea, </FONT>
<BR><FONT SIZE=3D2>> (Ambarish Malpani is </FONT>
<BR><FONT SIZE=3D2>> another), I thought I ought to weigh in as =
well. I had something </FONT>
<BR><FONT SIZE=3D2>> *considerably* simpler in mind. If a CRL =
includes revocation </FONT>
<BR><FONT SIZE=3D2>> information </FONT>
<BR><FONT SIZE=3D2>> for certificates that have expired, a relying =
party should be able to </FONT>
<BR><FONT SIZE=3D2>> determine that automatically.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> I would suggest a noncritical CRL extension =
with a single </FONT>
<BR><FONT SIZE=3D2>> value of type </FONT>
<BR><FONT SIZE=3D2>> GeneralizedTime. The ASN.1 syntax =
would be</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> =
ExpiredCertsOnCRL ::=3D GeneralizedTime</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> As usual with PKIX times, we would require time =
Zulu with </FONT>
<BR><FONT SIZE=3D2>> seconds (even if </FONT>
<BR><FONT SIZE=3D2>> zero).</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> The semantics for the extension would be as =
follows:</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> The scope of a =
CRL containing this extension is </FONT>
<BR><FONT SIZE=3D2>> extended to include </FONT>
<BR><FONT SIZE=3D2>> certificates that expired at the exact =
time specified in the </FONT>
<BR><FONT SIZE=3D2>> extension or </FONT>
<BR><FONT SIZE=3D2>> after that time. If limitations in the =
CRL's scope are specified (by </FONT>
<BR><FONT SIZE=3D2>> either reason codes or by distribution points), =
that applies </FONT>
<BR><FONT SIZE=3D2>> to expired </FONT>
<BR><FONT SIZE=3D2>> certificates as well.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> IMHO, we shouldn't make the scope of a CRL =
different for expired and </FONT>
<BR><FONT SIZE=3D2>> unexpired certificates. This is a simple =
idea - let's keep </FONT>
<BR><FONT SIZE=3D2>> it that way!</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> BTW, folks were wondering why this hasn't been =
pursued in </FONT>
<BR><FONT SIZE=3D2>> PKIX. This idea </FONT>
<BR><FONT SIZE=3D2>> has been floated a couple of times, but no one =
was really ready to </FONT>
<BR><FONT SIZE=3D2>> implement it. We needed to concentrate on =
the core functionality. I </FONT>
<BR><FONT SIZE=3D2>> floated the idea again at one of the meetings =
(in San Diego?) </FONT>
<BR><FONT SIZE=3D2>> and Ambarish </FONT>
<BR><FONT SIZE=3D2>> said he'd had the same idea and wanted to =
pursue it. I asked </FONT>
<BR><FONT SIZE=3D2>> him to delay </FONT>
<BR><FONT SIZE=3D2>> any new work in this area until the son-of-2459 =
is approved by the </FONT>
<BR><FONT SIZE=3D2>> IESG. (Neither of us realized what a long =
delay we'd agreed to...)</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Thanks,</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Tim Polk</FONT>
<BR><FONT SIZE=3D2>> </FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C13A02.45A680D0--
Received: by above.proper.com (8.11.6/8.11.3) id f8A7s8n20862 for ietf-pkix-bks; Mon, 10 Sep 2001 00:54:08 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8A7s6D20855 for <ietf-pkix@imc.org>; Mon, 10 Sep 2001 00:54:06 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id JAA29672; Mon, 10 Sep 2001 09:53:34 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id JAA15022; Mon, 10 Sep 2001 09:50:57 +0200
Message-ID: <3B9C70E8.E0DB15FE@bull.net>
Date: Mon, 10 Sep 2001 09:51:04 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: Tim Polk <tim.polk@nist.gov>
CC: Tom Gindin <tgindin@us.ibm.com>, IETF-PKIX <ietf-pkix@imc.org>
Subject: Re: Removing expired certificates from CRLs.....
References: <OF000F9E24.82296A99-ON85256AC0.00407A72@pok.ibm.com> <4.2.0.58.20010907165107.00a4c430@email.nist.gov>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Tim,
> Denis, Tom, et al.
>
> As one of several independent originators of the idea, (Ambarish Malpani is
> another), I thought I ought to weigh in as well. I had something
> *considerably* simpler in mind. If a CRL includes revocation information
> for certificates that have expired, a relying party should be able to
> determine that automatically.
We strongly agree on that statement.
> I would suggest a noncritical CRL extension with a single value of type
> GeneralizedTime. The ASN.1 syntax would be
>
> ExpiredCertsOnCRL ::= GeneralizedTime
>
> As usual with PKIX times, we would require time Zulu with seconds (even if
> zero).
>
> The semantics for the extension would be as follows:
>
> The scope of a CRL containing this extension is extended to include
> certificates that expired at the exact time specified in the extension or
> after that time. If limitations in the CRL's scope are specified (by
> either reason codes or by distribution points), that applies to expired
> certificates as well.
As Tom said, in practice we would expect certificates with the DS bit set
with a retention period of two or three days, while certificates with the NR
bit set with a retention period of about one month. For other certificates,
it would be the next *scheduled* CRL after revocation.
An option is to say that all certificates from a CRL are maintained for a
fixed time, e.g. one month more. This does not increase the size of CRLs
indefinitively and, as Tim says, is simple enough.
If different retention periods are needed, there is still a solution, but
there is a price to pay: use CRL Distribution Points with different reason
codes. This means that certificates must originally be produced with this
feature. If there aren't ... then this is not possible.
I can buy that simplicity, as long as we include such explanations in the
text.
Denis
> IMHO, we shouldn't make the scope of a CRL different for expired and
> unexpired certificates. This is a simple idea - let's keep it that way!
>
> BTW, folks were wondering why this hasn't been pursued in PKIX. This idea
> has been floated a couple of times, but no one was really ready to
> implement it. We needed to concentrate on the core functionality. I
> floated the idea again at one of the meetings (in San Diego?) and Ambarish
> said he'd had the same idea and wanted to pursue it. I asked him to delay
> any new work in this area until the son-of-2459 is approved by the
> IESG. (Neither of us realized what a long delay we'd agreed to...)
>
> Thanks,
>
> Tim Polk
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f89Ni1W16666 for ietf-pkix-bks; Sun, 9 Sep 2001 16:44:01 -0700 (PDT)
Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f89NheD16659 for <ietf-pkix@imc.org>; Sun, 9 Sep 2001 16:43:40 -0700 (PDT)
Received: from [128.33.238.15] (TC015.BBN.COM [128.33.238.15]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id TAA16084; Sun, 9 Sep 2001 19:43:06 -0400 (EDT)
Mime-Version: 1.0
X-Sender: kent@po1.bbn.com
Message-Id: <p05010400b7c1ae34753e@[128.33.238.15]>
In-Reply-To: <3B990BFC.7CBF5DD8@stroeder.com>
References: <p0501040bb7a8214adf35@[128.33.84.34]> <3B8D57EF.70505C80@sun.com> <p0501040ab7b458549900@[128.33.238.96]> <3B94FA2E.6472B276@sun.com> <p05010403b7bab9e15dcc@[128.33.84.34]> <3B9532CC.EF74B9E8@sun.com> <p05010404b7bbdfb8674d@[128.33.84.34]> <3B990BFC.7CBF5DD8@stroeder.com>
Date: Sun, 9 Sep 2001 19:42:04 -0400
To: michael@stroeder.com
From: Stephen Kent <kent@bbn.com>
Subject: Re: charter revisions
Cc: ietf-pkix@imc.org
Content-Type: text/plain; charset="iso-8859-1" ; format="flowed"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id f89NheD16660
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
At 8:03 PM +0200 9/7/01, Michael Ströder wrote:
>Stephen Kent wrote:
>>
>> There is not a central registry for DNs
>> where the CA can check to verify that the company in question is
>> entitled to use the DN it proposes. Certainly this is true if the
>> U.S. So, since CAs regularly make value judgements about
>> appropriateness of DNs given imperfect inputs, I don't see the logo
>> "verification" as something fundamentally different and harder.
>
>Hmm, do you really want to argue based on these practices?
>Now guess how serious I'll take this argument...
OK, you're on. In the U.S. try to find a definitive database that
will allow a CA to verify an organization's claim to use a DN. On the
other hand, the U.S. Patent and Trademark Office (PTO) has a web
site listing all names in the U.S. to which trademarks have been
issued.
Your turn ...
>
>> >But this is completely pedantic. The original issue was that a logo can
>> >change appearance when it's scaled or mapped to different colors. A pink
>> >circle is different from a green circle for trademark and copyright
>> >purposes. But how do you distinguish them when they're displayed on a
>> >black and white screen? I don't think that web page technology has any
>> >magic bullets in this area. And what about blind users? With URLs, they
>> >can have their screen-reader read the URL back to them. Graphics will be
>> >completely inaccessible.
>>
>> Good points about the limitations of a logo.
>
>+1
>
>I don't believe that the displaying problems can be solved.
Your belief is not a basis for making this sort of decision.
Translated to a less self-centric statement, it becomes a hard
statement to prove.
Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f89NTNe16269 for ietf-pkix-bks; Sun, 9 Sep 2001 16:29:23 -0700 (PDT)
Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f89NTLD16264 for <ietf-pkix@imc.org>; Sun, 9 Sep 2001 16:29:21 -0700 (PDT)
Received: from [128.33.238.15] (TC015.BBN.COM [128.33.238.15]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id TAA15491; Sun, 9 Sep 2001 19:28:53 -0400 (EDT)
Mime-Version: 1.0
X-Sender: kent@po1.bbn.com (Unverified)
Message-Id: <p05010408b7c16acc13f1@[128.33.84.35]>
In-Reply-To: <sb96305f.048@prv-mail20.provo.novell.com>
References: <sb96305f.048@prv-mail20.provo.novell.com>
Date: Sun, 9 Sep 2001 15:06:38 -0400
To: "Bob Jueneman" <bjueneman@novell.com>
From: Stephen Kent <kent@bbn.com>
Subject: Re: charter revisions
Cc: <ietf-pkix@imc.org>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
At 2:04 PM -0600 9/5/01, Bob Jueneman wrote:
> >Bob Jueneman wrote:
>>> I wasn't suggesting that logos should be restricted to end-entities,
>>> I was only pointing out that such a restriction would immediately
>>> make the issue of name subordination and misuse of the logo by some
>>> intermediate CA go away.
>>
>>This isn't true. Name constraints allow me to cross certify IBM's CA but
>>indicate that the only DNs it is trusted to certify are those that begin
>>with "c=us, o=IBM". Even if logos are restricted to end-entities,
>>there's nothing stopping IBM's CA from placing a Sun logo in an
>>end-entity certificate. So restricting logos to end-entities doesn't
>>"make the issue of name subordination and misuse of the logo by some
>>intermediate CA go away."
>
>Sorry, Steve, you are quite correct in that sense. I guess I wasn't
>thinking about corporate logos tied to organizational persons as
>much as I was thinking about brand identification, where the brand
>isn't owned by the superior CA in any case, any more than VeriSign
>owns c=us, o=Sun. In any case, name subordination is a very limited
>mechanism, that solves a problem that basically doesn't exist. How
>many subordinate CAs can you point to that aren't owned and
>controlled by the parent CA? And how many browsers or other client
>software correctly implement the constraint? And how do you apply a
>name subordination constraint to a DNS name for SSL - restrict it to
>entities registered under .com?
As a long term supporter of using the name constraints extension, I
feel compelled to comment on this aspect of the discussion.
Name constraints work well when organizations as as CAs for
themselves. Under such circumstances, cross certification represents
not a declaration of "trust" between the cross certifying
organizations, but a recognition of the authority of each
organization re its respective name space. This works well for all
tree-structured names spaces where such authority is clear. The DNS
name space is an excellent example.
The areas where name constraints do not work well, or only in very
limited fashion, are instances where a CA is not authoritative for
the name space in which it issue certificates. Public TTP CAs ate the
best example here. The best one can do when cross certifying a CA of
this sort is to use the excluded subtrees facility to prevent certs
issued by that CA from being accepted if they claim to be for
entities within one's own name space. (Well, one could do even
better, by adding to the excluded subtrees the name spaces of other
organizations which you have directly cross certified, but this might
become burdensome.)
So-called bridge CAs also suffer in this regard, and admit a similar
set of partial safeguards certs.
Note that governmental CAs, of the sort that a number of countries
are exploring or deploying, also can make good use of name
constraints in the certs they issue to organizational CAs.
So, the problem with name constraints in practice arises from the
common use of TTP CAs. This may be characteristic of how PKIs will
evolve, or it may be a temporary feature of early phases of use of
PKIs.
Time will tell,
Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f88C9lh06990 for ietf-pkix-bks; Sat, 8 Sep 2001 05:09:47 -0700 (PDT)
Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f88C9jD06986 for <ietf-pkix@imc.org>; Sat, 8 Sep 2001 05:09:45 -0700 (PDT)
Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.117.200.22]) by e1.ny.us.ibm.com (8.9.3/8.9.3) with ESMTP id IAA61200; Sat, 8 Sep 2001 08:07:25 -0400
Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO v4.97.1) with ESMTP id f88C1Vv134678; Sat, 8 Sep 2001 08:01:32 -0400
Importance: Normal
Subject: Re: Removing expired certificates from CRLs.....
To: Denis Pinkas <Denis.Pinkas@bull.net>
Cc: IETF-PKIX <ietf-pkix@imc.org>
X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001
Message-ID: <OFC06A9805.779E9BC2-ON85256AC1.0041ED41@pok.ibm.com>
From: "Tom Gindin" <tgindin@us.ibm.com>
Date: Sat, 8 Sep 2001 08:09:39 -0400
X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.8 SPR #MIAS4UTJ8H |June 21, 2001) at 09/08/2001 08:09:40 AM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Denis:
Given what the other proponents of a mechanism like this one are
suggesting, I think my second alternative will be considered
overcomplicated anyway. They don't seem to want to enforce multiple dates
for retention. The only reason for separate retention dates which I can
think of is to allow NR to have a multi-year retention while DS (say) has a
week or two, and if NR relying parties check for revocation information
periodically and stop after the date of the signature, they won't have a
problem.
Tom Gindin
Denis Pinkas <Denis.Pinkas@bull.net> on 09/07/2001 08:32:14 AM
To: Tom Gindin/Watson/IBM@IBMUS
cc: IETF-PKIX <ietf-pkix@imc.org>
Subject: Re: Removing expired certificates from CRLs.....
Tom,
I still believe that this discussion is more appropriate, at this time, to
X.509 currently rather than PKIX. So I have bindly copied the X.509
discussion list. Having said that, making sure that PKIX members agree with
the proposal cannot hurt.
> I would argue for SHOULD for that extension rather than MUST, but its
> presence can hardly hurt if it is non-critical.
I believe that we basically agree. When this extension is present, then it
is non critical.
> BTW, I hadn't read your note when I composed mine.
> Now, what is the proper syntax for this extension, which could be named
> "RevokeRetention"? Here are some possibilities:
> 1 Assume that all usage types have either no retention or the same
one.
> A simple syntax for this would be:
> RevokeRetention ::= SEQUENCE {
> basicUsages KeyUsage OPTIONAL,
> extUsages SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
> incExpsAfter GeneralizedTime
> }
Since in practice, I would expect a policy where all certicates having DS
or
NR set are kept one month longer, this seems sufficient.
> 2 Assume that usage types may have different non-null retentions.
A slightly less simple syntax for this would be:
>
> RevokeRetention ::= SEQUENCE OF UsageRevokeRetention
>
> UsageRevokeRetention ::= SEQUENCE {
> CHOICE {
> basicUsage INTEGER,
-- 0-based bit offset from KeyUsage definition
> extUsage OBJECT IDENTIFIER,
> }
> incExpsAfter GeneralizedTime
> }
I would prefer:
basicUsage BIT STRING rather than
basicUsage INTEGER
We could also have a simpler syntax:
RevokeRetention ::= SEQUENCE OF UsageRevokeRetention
UsageRevokeRetention ::= SEQUENCE {
incExpsAfter GeneralizedTime,
basicUsage BIT STRING OPTIONAL,
extUsages SEQUENCE OF OBJECT IDENTIFIER OPTIONAL
}
If some dates are different but some dates are common to various types of
certificates, this can save some entries.
> Naturally, any revocation matching a specified usage would be expected
> to be retained on the CRL if the certificate expiration time is after
> "incExpsAfter", but not otherwise. Furthermore, do you think
> extendedKeyUsage should be omitted?
For completness, since X.509 is a framework, extendedKeyUsage should be
there. PKIX can then decide to keep it or leave it in its profile.
Now, suppose we do this, this is fine for CRLs. How should an OCSP server
behave whether or not expired certificates are kept longer than strictly
mandatory ? RFC 2560 is rather vague on that topic.
Denis
> Tom Gindin
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f888UE122271 for ietf-pkix-bks; Sat, 8 Sep 2001 01:30:14 -0700 (PDT)
Received: from dolk.extundo.com (dolk.extundo.com [195.42.214.242]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f888UAD22261 for <ietf-pkix@imc.org>; Sat, 8 Sep 2001 01:30:11 -0700 (PDT)
Received: from barbar.josefsson.org (slipsten.extundo.com [195.42.214.241]) (authenticated) by dolk.extundo.com (8.11.6/8.11.6) with ESMTP id f888UBh11156; Sat, 8 Sep 2001 10:30:11 +0200
To: michael@stroeder.com
Cc: Stephen Kent <kent@bbn.com>, ietf-pkix@imc.org
Subject: Re: charter revisions
References: <p0501040bb7a8214adf35@[128.33.84.34]> <3B8D57EF.70505C80@sun.com> <p0501040ab7b458549900@[128.33.238.96]> <3B94FA2E.6472B276@sun.com> <p05010403b7bab9e15dcc@[128.33.84.34]> <3B9532CC.EF74B9E8@sun.com> <p05010404b7bbdfb8674d@[128.33.84.34]> <3B990BFC.7CBF5DD8@stroeder.com>
From: Simon Josefsson <simon+ietf-pkix@josefsson.org>
In-Reply-To: <3B990BFC.7CBF5DD8@stroeder.com> (Michael =?iso-8859-1?q?Str=F6der's?= message of "Fri, 07 Sep 2001 20:03:40 +0200")
Date: Sat, 08 Sep 2001 10:29:40 +0200
Message-ID: <iluzo86hyq3.fsf@barbar.josefsson.org>
Lines: 29
User-Agent: Gnus/5.090004 (Oort Gnus v0.04) Emacs/21.0.105
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Michael Ströder <michael@stroeder.com> writes:
>> >But this is completely pedantic. The original issue was that a logo can
>> >change appearance when it's scaled or mapped to different colors. A pink
>> >circle is different from a green circle for trademark and copyright
>> >purposes. But how do you distinguish them when they're displayed on a
>> >black and white screen? I don't think that web page technology has any
>> >magic bullets in this area. And what about blind users? With URLs, they
>> >can have their screen-reader read the URL back to them. Graphics will be
>> >completely inaccessible.
>>
>> Good points about the limitations of a logo.
>
> +1
>
> I don't believe that the displaying problems can be solved.
I am not that convinced, at least the SVG format seem to aim to deal
with the problems above:
http://www.w3.org/TR/SVG-access/
I don't think this is a new problem that only exists for PKIX. Logos
are already often distorted in the real world: Black and white news
papers, low resolution screens, etc. It's not impossible to fake
logos outside the PKIX world, and people seem to cope.
Not to say that the problems of cross-certifying etc aren't real, but
I don't think they are impossible to solve.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f880nOV26274 for ietf-pkix-bks; Fri, 7 Sep 2001 17:49:24 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f880nND26270 for <ietf-pkix@imc.org>; Fri, 7 Sep 2001 17:49:23 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJB00L01JNJOP@ext-mail.valicert.com> for ietf-pkix@imc.org; Fri, 7 Sep 2001 17:50:07 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJB00L7CJNIEZ@ext-mail.valicert.com>; Fri, 07 Sep 2001 17:50:07 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT3ZSA2>; Fri, 07 Sep 2001 17:42:57 -0700
Content-return: allowed
Date: Fri, 07 Sep 2001 17:42:50 -0700
From: Ryan Hurst <ryanh@valicert.com>
Subject: RE: Removing expired certificates from CRLs.....
To: "'Tim Polk'" <tim.polk@nist.gov>, Denis Pinkas <Denis.Pinkas@bull.net>, Tom Gindin <tgindin@us.ibm.com>
Cc: IETF-PKIX <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE24F@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Yes --
Sorry I have not been in this conversation the past couple of days;
Ambarish keeps me busy ;)
I have seen several ideas in regards to this extension; but I was
thinking of something much simpler (more like what Tim has recommended) An
extension that would be just like the ArchiveCutOff extension in OCSP.
ArchiveCutOff ::= GeneralizedTime
My 2c,
Ryan
-----Original Message-----
From: Tim Polk [mailto:tim.polk@nist.gov]
Sent: Friday, September 07, 2001 2:20 PM
To: Denis Pinkas; Tom Gindin
Cc: IETF-PKIX
Subject: Re: Removing expired certificates from CRLs.....
Denis, Tom, et al.
As one of several independent originators of the idea, (Ambarish Malpani is
another), I thought I ought to weigh in as well. I had something
*considerably* simpler in mind. If a CRL includes revocation information
for certificates that have expired, a relying party should be able to
determine that automatically.
I would suggest a noncritical CRL extension with a single value of type
GeneralizedTime. The ASN.1 syntax would be
ExpiredCertsOnCRL ::= GeneralizedTime
As usual with PKIX times, we would require time Zulu with seconds (even if
zero).
The semantics for the extension would be as follows:
The scope of a CRL containing this extension is extended to include
certificates that expired at the exact time specified in the extension or
after that time. If limitations in the CRL's scope are specified (by
either reason codes or by distribution points), that applies to expired
certificates as well.
IMHO, we shouldn't make the scope of a CRL different for expired and
unexpired certificates. This is a simple idea - let's keep it that way!
BTW, folks were wondering why this hasn't been pursued in PKIX. This idea
has been floated a couple of times, but no one was really ready to
implement it. We needed to concentrate on the core functionality. I
floated the idea again at one of the meetings (in San Diego?) and Ambarish
said he'd had the same idea and wanted to pursue it. I asked him to delay
any new work in this area until the son-of-2459 is approved by the
IESG. (Neither of us realized what a long delay we'd agreed to...)
Thanks,
Tim Polk
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f87MRLd23801 for ietf-pkix-bks; Fri, 7 Sep 2001 15:27:21 -0700 (PDT)
Received: from mailout05.sul.t-online.de (mailout05.sul.t-online.com [194.25.134.82]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f87MRJD23797 for <ietf-pkix@imc.org>; Fri, 7 Sep 2001 15:27:19 -0700 (PDT)
Received: from fwd06.sul.t-online.de by mailout05.sul.t-online.de with smtp id 15fU5f-0005r1-01; Sat, 08 Sep 2001 00:27:11 +0200
Received: from junker.stroeder.com (520010731148-0001@[62.224.169.246]) by fmrl06.sul.t-online.com with esmtp id 15fU5V-27zkX2C; Sat, 8 Sep 2001 00:27:01 +0200
Received: from stroeder.com (localhost [127.0.0.1]) by junker.stroeder.com (Postfix) with ESMTP id D919F1574FF; Fri, 7 Sep 2001 20:03:40 +0200 (CEST)
Message-ID: <3B990BFC.7CBF5DD8@stroeder.com>
Date: Fri, 07 Sep 2001 20:03:40 +0200
From: Michael =?iso-8859-1?Q?Str=F6der?= <michael@stroeder.com>
Reply-To: michael@stroeder.com
Organization: stroeder.com
X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.2.19 i686)
X-Accept-Language: de-DE, de, en
MIME-Version: 1.0
To: Stephen Kent <kent@bbn.com>
Cc: ietf-pkix@imc.org
Subject: Re: charter revisions
References: <p0501040bb7a8214adf35@[128.33.84.34]> <3B8D57EF.70505C80@sun.com> <p0501040ab7b458549900@[128.33.238.96]> <3B94FA2E.6472B276@sun.com> <p05010403b7bab9e15dcc@[128.33.84.34]> <3B9532CC.EF74B9E8@sun.com> <p05010404b7bbdfb8674d@[128.33.84.34]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: 520010731148-0001@t-dialin.net
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Stephen Kent wrote:
>
> There is not a central registry for DNs
> where the CA can check to verify that the company in question is
> entitled to use the DN it proposes. Certainly this is true if the
> U.S. So, since CAs regularly make value judgements about
> appropriateness of DNs given imperfect inputs, I don't see the logo
> "verification" as something fundamentally different and harder.
Hmm, do you really want to argue based on these practices?
Now guess how serious I'll take this argument...
> >But this is completely pedantic. The original issue was that a logo can
> >change appearance when it's scaled or mapped to different colors. A pink
> >circle is different from a green circle for trademark and copyright
> >purposes. But how do you distinguish them when they're displayed on a
> >black and white screen? I don't think that web page technology has any
> >magic bullets in this area. And what about blind users? With URLs, they
> >can have their screen-reader read the URL back to them. Graphics will be
> >completely inaccessible.
>
> Good points about the limitations of a logo.
+1
I don't believe that the displaying problems can be solved.
Ciao, Michael.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f87Lges22964 for ietf-pkix-bks; Fri, 7 Sep 2001 14:42:40 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f87LgeD22960 for <ietf-pkix@imc.org>; Fri, 7 Sep 2001 14:42:40 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJB00K01B0CXR@ext-mail.valicert.com> for ietf-pkix@imc.org; Fri, 7 Sep 2001 14:43:24 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJB00KE1B0BI0@ext-mail.valicert.com>; Fri, 07 Sep 2001 14:43:23 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <SMT3ZR3B>; Fri, 07 Sep 2001 14:36:14 -0700
Content-return: allowed
Date: Fri, 07 Sep 2001 14:36:06 -0700
From: Ambarish Malpani <ambarish@valicert.com>
Subject: RE: Removing expired certificates from CRLs.....
To: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, Tom Gindin <tgindin@us.ibm.com>
Cc: IETF-PKIX <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E4AFD@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Hi Denis, Tom,
What I would recommend we add to CRLs, is something similar
(or the same) as the ArchiveCutoff extension in OCSP. If a CA
added that to a CRL, it would be easy for a responder to add it
in responses.
It is unclear to me that there is a huge benefit to CAs to go
through the trouble of retaining only signing certs in the CRL
and not the others.
Regards,
Ambarish
Denis, since you are bcc-ing the X.509 group, could you please
also forward this message to that list?
Thanks,
Ambarish
---------------------------------------------------------------------
Ambarish Malpani
Architect 650.567.5457
ValiCert, Inc. ambarish@valicert.com
339 N. Bernardo Ave. http://www.valicert.com
Mountain View, CA 94043
> -----Original Message-----
> From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> Sent: Friday, September 07, 2001 5:32 AM
> To: Tom Gindin
> Cc: IETF-PKIX
> Subject: Re: Removing expired certificates from CRLs.....
>
>
>
> Tom,
>
> I still believe that this discussion is more appropriate, at
> this time, to
> X.509 currently rather than PKIX. So I have bindly copied the X.509
> discussion list. Having said that, making sure that PKIX
> members agree with
> the proposal cannot hurt.
>
> > I would argue for SHOULD for that extension rather than
> MUST, but its
> > presence can hardly hurt if it is non-critical.
>
> I believe that we basically agree. When this extension is
> present, then it
> is non critical.
>
> > BTW, I hadn't read your note when I composed mine.
> > Now, what is the proper syntax for this extension, which
> could be named
> > "RevokeRetention"? Here are some possibilities:
>
> > 1 Assume that all usage types have either no retention
> or the same one.
> > A simple syntax for this would be:
> > RevokeRetention ::= SEQUENCE {
> > basicUsages KeyUsage OPTIONAL,
> > extUsages SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
> > incExpsAfter GeneralizedTime
> > }
>
> Since in practice, I would expect a policy where all
> certicates having DS or
> NR set are kept one month longer, this seems sufficient.
>
> > 2 Assume that usage types may have different non-null retentions.
> A slightly less simple syntax for this would be:
> >
> > RevokeRetention ::= SEQUENCE OF UsageRevokeRetention
> >
> > UsageRevokeRetention ::= SEQUENCE {
> > CHOICE {
> > basicUsage INTEGER,
> -- 0-based bit offset from KeyUsage definition
> > extUsage OBJECT IDENTIFIER,
> > }
> > incExpsAfter GeneralizedTime
> > }
>
> I would prefer:
>
> basicUsage BIT STRING rather than
> basicUsage INTEGER
>
>
> We could also have a simpler syntax:
>
> RevokeRetention ::= SEQUENCE OF UsageRevokeRetention
>
> UsageRevokeRetention ::= SEQUENCE {
> incExpsAfter GeneralizedTime,
> basicUsage BIT STRING OPTIONAL,
> extUsages SEQUENCE OF OBJECT IDENTIFIER OPTIONAL
> }
>
> If some dates are different but some dates are common to
> various types of
> certificates, this can save some entries.
>
> > Naturally, any revocation matching a specified usage would
> be expected
> > to be retained on the CRL if the certificate expiration
> time is after
> > "incExpsAfter", but not otherwise. Furthermore, do you think
> > extendedKeyUsage should be omitted?
>
> For completness, since X.509 is a framework, extendedKeyUsage
> should be
> there. PKIX can then decide to keep it or leave it in its profile.
>
> Now, suppose we do this, this is fine for CRLs. How should an
> OCSP server
> behave whether or not expired certificates are kept longer
> than strictly
> mandatory ? RFC 2560 is rather vague on that topic.
>
> Denis
>
>
> > Tom Gindin
>
Received: by above.proper.com (8.11.6/8.11.3) id f87LKqt22627 for ietf-pkix-bks; Fri, 7 Sep 2001 14:20:52 -0700 (PDT)
Received: from email.nist.gov (email.nist.gov [129.6.2.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f87LKoD22623 for <ietf-pkix@imc.org>; Fri, 7 Sep 2001 14:20:50 -0700 (PDT)
Received: from st25 (st25.ncsl.nist.gov [129.6.54.67]) by email.nist.gov (8.9.3/8.9.3) with ESMTP id RAA10319; Fri, 7 Sep 2001 17:20:47 -0400 (EDT)
Message-Id: <4.2.0.58.20010907165107.00a4c430@email.nist.gov>
X-Sender: wpolk@email.nist.gov
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Fri, 07 Sep 2001 17:19:37 -0400
To: Denis Pinkas <Denis.Pinkas@bull.net>, Tom Gindin <tgindin@us.ibm.com>
From: Tim Polk <tim.polk@nist.gov>
Subject: Re: Removing expired certificates from CRLs.....
Cc: IETF-PKIX <ietf-pkix@imc.org>
In-Reply-To: <3B98BE4E.334FE993@bull.net>
References: <OF000F9E24.82296A99-ON85256AC0.00407A72@pok.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Denis, Tom, et al.
As one of several independent originators of the idea, (Ambarish Malpani is
another), I thought I ought to weigh in as well. I had something
*considerably* simpler in mind. If a CRL includes revocation information
for certificates that have expired, a relying party should be able to
determine that automatically.
I would suggest a noncritical CRL extension with a single value of type
GeneralizedTime. The ASN.1 syntax would be
ExpiredCertsOnCRL ::= GeneralizedTime
As usual with PKIX times, we would require time Zulu with seconds (even if
zero).
The semantics for the extension would be as follows:
The scope of a CRL containing this extension is extended to include
certificates that expired at the exact time specified in the extension or
after that time. If limitations in the CRL's scope are specified (by
either reason codes or by distribution points), that applies to expired
certificates as well.
IMHO, we shouldn't make the scope of a CRL different for expired and
unexpired certificates. This is a simple idea - let's keep it that way!
BTW, folks were wondering why this hasn't been pursued in PKIX. This idea
has been floated a couple of times, but no one was really ready to
implement it. We needed to concentrate on the core functionality. I
floated the idea again at one of the meetings (in San Diego?) and Ambarish
said he'd had the same idea and wanted to pursue it. I asked him to delay
any new work in this area until the son-of-2459 is approved by the
IESG. (Neither of us realized what a long delay we'd agreed to...)
Thanks,
Tim Polk
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f87CZUh00478 for ietf-pkix-bks; Fri, 7 Sep 2001 05:35:30 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f87CZTD00474 for <ietf-pkix@imc.org>; Fri, 7 Sep 2001 05:35:29 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id OAA16610; Fri, 7 Sep 2001 14:34:56 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id OAA13896; Fri, 7 Sep 2001 14:32:17 +0200
Message-ID: <3B98BE4E.334FE993@bull.net>
Date: Fri, 07 Sep 2001 14:32:14 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: Tom Gindin <tgindin@us.ibm.com>
CC: IETF-PKIX <ietf-pkix@imc.org>
Subject: Re: Removing expired certificates from CRLs.....
References: <OF000F9E24.82296A99-ON85256AC0.00407A72@pok.ibm.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Tom,
I still believe that this discussion is more appropriate, at this time, to
X.509 currently rather than PKIX. So I have bindly copied the X.509
discussion list. Having said that, making sure that PKIX members agree with
the proposal cannot hurt.
> I would argue for SHOULD for that extension rather than MUST, but its
> presence can hardly hurt if it is non-critical.
I believe that we basically agree. When this extension is present, then it
is non critical.
> BTW, I hadn't read your note when I composed mine.
> Now, what is the proper syntax for this extension, which could be named
> "RevokeRetention"? Here are some possibilities:
> 1 Assume that all usage types have either no retention or the same one.
> A simple syntax for this would be:
> RevokeRetention ::= SEQUENCE {
> basicUsages KeyUsage OPTIONAL,
> extUsages SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
> incExpsAfter GeneralizedTime
> }
Since in practice, I would expect a policy where all certicates having DS or
NR set are kept one month longer, this seems sufficient.
> 2 Assume that usage types may have different non-null retentions.
A slightly less simple syntax for this would be:
>
> RevokeRetention ::= SEQUENCE OF UsageRevokeRetention
>
> UsageRevokeRetention ::= SEQUENCE {
> CHOICE {
> basicUsage INTEGER,
-- 0-based bit offset from KeyUsage definition
> extUsage OBJECT IDENTIFIER,
> }
> incExpsAfter GeneralizedTime
> }
I would prefer:
basicUsage BIT STRING rather than
basicUsage INTEGER
We could also have a simpler syntax:
RevokeRetention ::= SEQUENCE OF UsageRevokeRetention
UsageRevokeRetention ::= SEQUENCE {
incExpsAfter GeneralizedTime,
basicUsage BIT STRING OPTIONAL,
extUsages SEQUENCE OF OBJECT IDENTIFIER OPTIONAL
}
If some dates are different but some dates are common to various types of
certificates, this can save some entries.
> Naturally, any revocation matching a specified usage would be expected
> to be retained on the CRL if the certificate expiration time is after
> "incExpsAfter", but not otherwise. Furthermore, do you think
> extendedKeyUsage should be omitted?
For completness, since X.509 is a framework, extendedKeyUsage should be
there. PKIX can then decide to keep it or leave it in its profile.
Now, suppose we do this, this is fine for CRLs. How should an OCSP server
behave whether or not expired certificates are kept longer than strictly
mandatory ? RFC 2560 is rather vague on that topic.
Denis
> Tom Gindin
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f87BuoF29882 for ietf-pkix-bks; Fri, 7 Sep 2001 04:56:50 -0700 (PDT)
Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f87BumD29877 for <ietf-pkix@imc.org>; Fri, 7 Sep 2001 04:56:49 -0700 (PDT)
Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.117.200.22]) by e1.ny.us.ibm.com (8.9.3/8.9.3) with ESMTP id HAA94626; Fri, 7 Sep 2001 07:54:29 -0400
Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO v4.97.1) with ESMTP id f87BmaF71208; Fri, 7 Sep 2001 07:48:36 -0400
Importance: Normal
Subject: Re: Removing expired certificates from CRLs.....
To: Denis Pinkas <Denis.Pinkas@bull.net>
Cc: IETF-PKIX <ietf-pkix@imc.org>
X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001
Message-ID: <OF000F9E24.82296A99-ON85256AC0.00407A72@pok.ibm.com>
From: "Tom Gindin" <tgindin@us.ibm.com>
Date: Fri, 7 Sep 2001 07:56:41 -0400
X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.8 SPR #MIAS4UTJ8H |June 21, 2001) at 09/07/2001 07:56:43 AM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
I would argue for SHOULD for that extension rather than MUST, but its
presence can hardly hurt if it is non-critical. BTW, I hadn't read your
note when I composed mine. Now, what is the proper syntax for this
extension, which could be named "RevokeRetention"? Here are some
possibilities:
1 Assume that all usage types have either no retention or the same one.
A simple syntax for this would be:
RevokeRetention ::= SEQUENCE {
basicUsages KeyUsage OPTIONAL,
extUsages SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
incExpsAfter GeneralizedTime
}
2 Assume that usage types may have different non-null retentions. A
slightly less simple syntax for this would be:
RevokeRetention ::= SEQUENCE OF UsageRevokeRetention
UsageRevokeRetention ::= SEQUENCE {
CHOICE {
basicUsage INTEGER, -- 0-based bit offset from KeyUsage
definition
extUsage OBJECT IDENTIFIER,
}
incExpsAfter GeneralizedTime
}
Naturally, any revocation matching a specified usage would be expected
to be retained on the CRL if the certificate expiration time is after
"incExpsAfter", but not otherwise. Furthermore, do you think
extendedKeyUsage should be omitted?
Tom Gindin
Denis Pinkas <Denis.Pinkas@bull.net> on 09/07/2001 07:34:12 AM
To: Tom Gindin/Watson/IBM@IBMUS
cc: IETF-PKIX <ietf-pkix@imc.org>
Subject: Re: Removing expired certificates from CRLs.....
Hello Tom !
> Because of unscheduled CRL publication, would it not make sense to
> recommend a minimum period of time after expiration before revoked NR
> certificates get removed from CRL's? In practice, specifying that they
> should be kept for a week or so beyond expiration would not cause CRL
> bloat, which can admittedly become a serious problem if all CRL entries
are
> kept forever.
Such recommendation would be nice, but only usable in "closed environments"
where it can be known that this policy is enforced. In "open environments"
in order to allow the use of CRLs which include certificates even after
they
expire, some indication SHALL be present in the CRL to know whether or not
it includes such certificates.
Denis
> Tom Gindin
>
> "Flynn, Michael" <MFlynn@verisign.com>@mail.imc.org on 09/05/2001
01:02:33
> PM
>
> Sent by: owner-ietf-pkix@mail.imc.org
>
> To: "'Ryan Hurst'" <ryanh@valicert.com>, IETF-PKIX <ietf-pkix@imc.org>
> cc:
> Subject: RE: Removing expired certificates from CRLs.....
>
> Ryan,
>
> Ryan wrote::
>
> Now logically it makes sense to remove certificates that are expired from
> CRLs to control size, yes this has a negative point specifically it
> prevents CRLs from being used as a non-repudiation source; but this is
mute
> due to many other issues.
>
> At least regarding removing expired certs from CRLs, I would think that
> non-repudiation can be satisfied by keeping the old CRLs in back up
storage
> for some length of time. That time being how far back in time a contract
> dispute might go; ten years, twenty? So long as you could get them off
> tape for the lawyers to look at the legal process would be satisfied,
they
> don't need to be online forever.
>
> Michael
>
> -----Original Message-----
> From: Ryan Hurst [mailto:ryanh@valicert.com]
> Sent: Tuesday, September 04, 2001 8:50 PM
> To: IETF-PKIX
> Subject: Removing expired certificates from CRLs.....
>
> I was speaking with Peter Williams today about the removal of expired
> certificates from CRLs; I have always been under the belief that this
> behavior was optional, I vaguely remembered reading text in 2459 along
> those lines; additionally I know of several commercial CAs that do not
> remove the expired certificates from their CRLs. Peter on the other hand
> was under the impression that it was a mandate to remove CRLs; he too
> remembered reading text in 2459 to support is position.
>
> So we each pulled out the RFC and found that we were both right!
> Specifically both sections 3.3 and 8.6.2.2 have text on this subject:
>
> 3.3 Revocation
>
> When a certificate is issued, it is expected to be in use for its entire
> validity period. However, various circumstances may cause a certificate
> to become invalid prior to the expiration of the validity period.
>
> ....
>
> An entry is added to the CRL as part of the next update following
> notification of revocation. An entry may be removed from the CRL after
> appearing on one regularly scheduled CRL issued beyond the revoked
> certificate's validity period.
>
> 8.6.2.2 Issuing distribution point extension
>
> This CRL extension field identifies the CRL distribution point for this
> particular CRL, and indicates if the CRL is limited to revocations for
> end-entity certificates only, for authority certificates only, or for a
> limited set of reasons only. The CRL is signed by the CRL issuer's key-
> CRL distribution points do not have their own key pairs. However, for a
> CRL distributed via the Directory, the CRL is stored in the entry of the
> CRL distribution point, which may not be the directory entry of the CRL
> issuer. If this field is absent, the CRL shall contain entries for all
> revoked unexpired certificates issued by the CRL issuer.
>
> ....
>
> The distributionPoint component contains the name of the distribution
> point in one or more name forms. If this field is absent, the CRL shall
> contain entries for all revoked certificates issued by the CRL issuer.
> After a certificate appears on a CRL, it is deleted from a subsequent
CRL
> after the certificate's expiry.
>
> Although section 8.6.2.2 is specifically in regards to CRLdps, any
> difference between full CRLs and CRLdps in this case I feel would be an
> arbitrary one.
>
> Now logically it makes sense to remove certificates that are expired
from
> CRLs to control size, yes this has a negative point specifically it
> prevents CRLs from being used as a non-repudiation source; but this is
> mute due to many other issues.
>
> That being the case I think; and I believe Peter would agree the correct
> thing to do is to remove these expired/revoked entries from the CRL.
>
> The question now is what is the PKIX stance on this matter?
>
> Ryan M. Hurst
>
> ValiCert, Inc.
>
> "It may roundly be asserted that human ingenuity cannot concoct a
> cipher which human ingenuity cannot resolve."
> -Edgar Allan Poe
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f87BYqT27719 for ietf-pkix-bks; Fri, 7 Sep 2001 04:34:52 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f87BYoD27711 for <ietf-pkix@imc.org>; Fri, 7 Sep 2001 04:34:50 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id NAA22022 for <ietf-pkix@imc.org>; Fri, 7 Sep 2001 13:36:50 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id NAA15066; Fri, 7 Sep 2001 13:34:13 +0200
Message-ID: <3B98B0B4.CA906E21@bull.net>
Date: Fri, 07 Sep 2001 13:34:12 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: Tom Gindin <tgindin@us.ibm.com>
CC: IETF-PKIX <ietf-pkix@imc.org>
Subject: Re: Removing expired certificates from CRLs.....
References: <OF45312249.093B3E56-ON85256ABF.0069CD54@pok.ibm.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Hello Tom !
> Because of unscheduled CRL publication, would it not make sense to
> recommend a minimum period of time after expiration before revoked NR
> certificates get removed from CRL's? In practice, specifying that they
> should be kept for a week or so beyond expiration would not cause CRL
> bloat, which can admittedly become a serious problem if all CRL entries are
> kept forever.
Such recommendation would be nice, but only usable in "closed environments"
where it can be known that this policy is enforced. In "open environments"
in order to allow the use of CRLs which include certificates even after they
expire, some indication SHALL be present in the CRL to know whether or not
it includes such certificates.
Denis
> Tom Gindin
>
> "Flynn, Michael" <MFlynn@verisign.com>@mail.imc.org on 09/05/2001 01:02:33
> PM
>
> Sent by: owner-ietf-pkix@mail.imc.org
>
> To: "'Ryan Hurst'" <ryanh@valicert.com>, IETF-PKIX <ietf-pkix@imc.org>
> cc:
> Subject: RE: Removing expired certificates from CRLs.....
>
> Ryan,
>
> Ryan wrote::
>
> Now logically it makes sense to remove certificates that are expired from
> CRLs to control size, yes this has a negative point specifically it
> prevents CRLs from being used as a non-repudiation source; but this is mute
> due to many other issues.
>
> At least regarding removing expired certs from CRLs, I would think that
> non-repudiation can be satisfied by keeping the old CRLs in back up storage
> for some length of time. That time being how far back in time a contract
> dispute might go; ten years, twenty? So long as you could get them off
> tape for the lawyers to look at the legal process would be satisfied, they
> don't need to be online forever.
>
> Michael
>
> -----Original Message-----
> From: Ryan Hurst [mailto:ryanh@valicert.com]
> Sent: Tuesday, September 04, 2001 8:50 PM
> To: IETF-PKIX
> Subject: Removing expired certificates from CRLs.....
>
> I was speaking with Peter Williams today about the removal of expired
> certificates from CRLs; I have always been under the belief that this
> behavior was optional, I vaguely remembered reading text in 2459 along
> those lines; additionally I know of several commercial CAs that do not
> remove the expired certificates from their CRLs. Peter on the other hand
> was under the impression that it was a mandate to remove CRLs; he too
> remembered reading text in 2459 to support is position.
>
> So we each pulled out the RFC and found that we were both right!
> Specifically both sections 3.3 and 8.6.2.2 have text on this subject:
>
> 3.3 Revocation
>
> When a certificate is issued, it is expected to be in use for its entire
> validity period. However, various circumstances may cause a certificate
> to become invalid prior to the expiration of the validity period.
>
> ....
>
> An entry is added to the CRL as part of the next update following
> notification of revocation. An entry may be removed from the CRL after
> appearing on one regularly scheduled CRL issued beyond the revoked
> certificate's validity period.
>
> 8.6.2.2 Issuing distribution point extension
>
> This CRL extension field identifies the CRL distribution point for this
> particular CRL, and indicates if the CRL is limited to revocations for
> end-entity certificates only, for authority certificates only, or for a
> limited set of reasons only. The CRL is signed by the CRL issuer's key-
> CRL distribution points do not have their own key pairs. However, for a
> CRL distributed via the Directory, the CRL is stored in the entry of the
> CRL distribution point, which may not be the directory entry of the CRL
> issuer. If this field is absent, the CRL shall contain entries for all
> revoked unexpired certificates issued by the CRL issuer.
>
> ....
>
> The distributionPoint component contains the name of the distribution
> point in one or more name forms. If this field is absent, the CRL shall
> contain entries for all revoked certificates issued by the CRL issuer.
> After a certificate appears on a CRL, it is deleted from a subsequent CRL
> after the certificate's expiry.
>
> Although section 8.6.2.2 is specifically in regards to CRLdps, any
> difference between full CRLs and CRLdps in this case I feel would be an
> arbitrary one.
>
> Now logically it makes sense to remove certificates that are expired from
> CRLs to control size, yes this has a negative point specifically it
> prevents CRLs from being used as a non-repudiation source; but this is
> mute due to many other issues.
>
> That being the case I think; and I believe Peter would agree the correct
> thing to do is to remove these expired/revoked entries from the CRL.
>
> The question now is what is the PKIX stance on this matter?
>
> Ryan M. Hurst
>
> ValiCert, Inc.
>
> "It may roundly be asserted that human ingenuity cannot concoct a
> cipher which human ingenuity cannot resolve."
> -Edgar Allan Poe
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8793rq19049 for ietf-pkix-bks; Fri, 7 Sep 2001 02:03:53 -0700 (PDT)
Received: from dns01.infocamere.it (dns01.infocamere.it [193.70.148.50]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8793pD19040 for <ietf-pkix@imc.org>; Fri, 7 Sep 2001 02:03:52 -0700 (PDT)
Received: from esd03d.icnet ([193.70.148.67]) by dns01.infocamere.it (Netscape Messaging Server 4.15) with ESMTP id GJABEH00.C0R for <ietf-pkix@imc.org>; Fri, 7 Sep 2001 10:54:17 +0200
Received: from weirma004082 ([1.5.16.68]) by esd03d.icnet (Netscape Messaging Server 4.15) with SMTP id GJABVE00.4VP; Fri, 7 Sep 2001 11:04:26 +0200
Message-ID: <005301c1377b$b1a0e020$52044701@icnet>
From: "Esposito Alfredo" <alfredo.esposito@infocamere.it>
To: "Sharon Boeyen" <sharon.boeyen@entrust.com>, "'IETF-PKIX'" <ietf-pkix@imc.org>
References: <9A4F653B0A375841AC75A8D17712B9C9B2731F@sottmxs04.entrust.com>
Subject: Re: Removing expired certificates from CRLs.....
Date: Fri, 7 Sep 2001 11:01:33 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0050_01C1378C.74EFB460"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Messaggio in formato MIME composto da più parti.
------=_NextPart_000_0050_01C1378C.74EFB460
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
The following statement (apart the underscore) is excerpted from =
"Recommendation X.509 (2000) | ISO/IEC 9594-8:2000
Draft Technical Corrigendum 3" that is currently on ballot.
This corrects the defects reported in defect report 280
Replace the existing subclause 8.6.2.2 with the following and make =
associated changes to the ASN.1 in Appendix A:
8 . 6 . 2 . 2 Issuing distribution point extension
This CRL extension field identifies the CRL distribution point for this =
particular CRL, and indicates if the CRL is indirect, or if it is =
limited to covering only a subset of the revocation information. The =
limitation may be based on a subset of the certificate population or on =
a subset of revocation reasons. The CRL is signed by the CRL issuer's =
key - CRL distribution points do not have their own key pairs. However, =
for a CRL distributed via the Directory, the CRL is stored in the entry =
of the CRL distribution point, which may not be the directory entry of =
the CRL issuer. If this field and the CRL scope field are both absent, =
the CRL shall contain entries for all revoked unexpired certificates =
issued by the CRL issuer.
Alfredo Esposito
alfredo.esposito@infocamere.it
----- Original Message -----=20
From: Sharon Boeyen=20
To: 'IETF-PKIX'=20
Sent: Thursday, September 06, 2001 3:24 PM
Subject: RE: Removing expired certificates from CRLs.....
There was a problem with my initial attempt to send this to the list, =
so I am resending it.
Sharon
-----Original Message-----
From: Sharon Boeyen=20
Sent: Wednesday, September 05, 2001 1:36 PM
To: 'Flynn, Michael'; 'Ryan Hurst'; IETF-PKIX
Subject: RE: Removing expired certificates from CRLs.....
I suspect some of the PKIX text was never updated to reflect the =
successful ballot on the X.509 defect report that fixed this in the base =
X.509 text. The approved TC for the defect (DR 204) corrected this =
problem by making the following changes to X.509 (97).
Clause 12.6.3.1
=20
In the first sentence following the ASN.1, delete "unexpired"
=20
Add the following as a new second sentence in the first paragraph =
following the ASN.1
=20
"After a certificate appears on a CRL, it may be deleted from a =
subsequent CRL after the certificate's expiry."
Cheers,
Sharon
-----Original Message-----
From: Flynn, Michael [mailto:MFlynn@verisign.com]
Sent: Wednesday, September 05, 2001 1:03 PM
To: 'Ryan Hurst'; IETF-PKIX
Subject: RE: Removing expired certificates from CRLs.....
Ryan,
Ryan wrote::
Now logically it makes sense to remove certificates that are =
expired from CRLs to control size, yes this has a negative point =
specifically it prevents CRLs from being used as a non-repudiation =
source; but this is mute due to many other issues.
At least regarding removing expired certs from CRLs, I would think =
that non-repudiation can be satisfied by keeping the old CRLs in back up =
storage for some length of time. That time being how far back in time a =
contract dispute might go; ten years, twenty? So long as you could get =
them off tape for the lawyers to look at the legal process would be =
satisfied, they don't need to be online forever. =20
=20
Michael
=20
-----Original Message-----
From: Ryan Hurst [mailto:ryanh@valicert.com]
Sent: Tuesday, September 04, 2001 8:50 PM
To: IETF-PKIX
Subject: Removing expired certificates from CRLs.....
I was speaking with Peter Williams today about the removal of =
expired certificates from CRLs; I have always been under the belief that =
this behavior was optional, I vaguely remembered reading text in 2459 =
along those lines; additionally I know of several commercial CAs that do =
not remove the expired certificates from their CRLs. Peter on the other =
hand was under the impression that it was a mandate to remove CRLs; he =
too remembered reading text in 2459 to support is position.
=20
So we each pulled out the RFC and found that we were both right! =
Specifically both sections 3.3 and 8.6.2.2 have text on this subject:
=20
3.3 Revocation
When a certificate is issued, it is expected to be in use for =
its entire validity period. However, various circumstances may cause a =
certificate to become invalid prior to the expiration of the validity =
period.
=20
....
=20
An entry is added to the CRL as part of the next update =
following notification of revocation. An entry may be removed from the =
CRL after appearing on one regularly scheduled CRL issued beyond the =
revoked certificate's validity period.
=20
=20
=20
8.6.2.2 Issuing distribution point extension
This CRL extension field identifies the CRL distribution point =
for this particular CRL, and indicates if the CRL is limited to =
revocations for end-entity certificates only, for authority certificates =
only, or for a limited set of reasons only. The CRL is signed by the CRL =
issuer's key- CRL distribution points do not have their own key pairs. =
However, for a CRL distributed via the Directory, the CRL is stored in =
the entry of the CRL distribution point, which may not be the directory =
entry of the CRL issuer. If this field is absent, the CRL shall contain =
entries for all revoked unexpired certificates issued by the CRL issuer.
=20
....
=20
The distributionPoint component contains the name of the =
distribution point in one or more name forms. If this field is absent, =
the CRL shall contain entries for all revoked certificates issued by the =
CRL issuer. After a certificate appears on a CRL, it is deleted from a =
subsequent CRL after the certificate's expiry.
=20
=20
Although section 8.6.2.2 is specifically in regards to CRLdps, =
any difference between full CRLs and CRLdps in this case I feel would be =
an arbitrary one.=20
=20
Now logically it makes sense to remove certificates that are =
expired from CRLs to control size, yes this has a negative point =
specifically it prevents CRLs from being used as a non-repudiation =
source; but this is mute due to many other issues.
=20
That being the case I think; and I believe Peter would agree the =
correct thing to do is to remove these expired/revoked entries from the =
CRL.=20
=20
The question now is what is the PKIX stance on this matter?
=20
Ryan M. Hurst
ValiCert, Inc.
=20
"It may roundly be asserted that human ingenuity cannot =
concoct a cipher which human ingenuity cannot resolve."
-Edgar Allan Poe
=20
------=_NextPart_000_0050_01C1378C.74EFB460
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns=3D"http://www.w3.org/TR/REC-html40" xmlns:o =3D=20
"urn:schemas-microsoft-com:office:office" xmlns:w =3D=20
"urn:schemas-microsoft-com:office:word" xmlns:st1 =3D=20
"urn:schemas-microsoft-com:office:smarttags"><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3DWord.Document name=3DProgId>
<META content=3D"MSHTML 5.50.4522.1800" name=3DGENERATOR>
<META content=3D"Microsoft Word 10" name=3DOriginator><LINK=20
href=3D"cid:filelist.xml@01C13583.EFC4BB00" =
rel=3DFile-List><o:SmartTagType=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
name=3D"PersonName"></o:SmartTagType><!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:GrammarState>Clean</w:GrammarState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:UseFELayout/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if !mso]>
<STYLE>st1\:* {
BEHAVIOR: url(#default#ieooui)
}
</STYLE>
<![endif]-->
<STYLE>@font-face {
font-family: SimSun;
}
@font-face {
font-family: \@SimSun;
}
@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; =
mso-header-margin: .5in; mso-footer-margin: .5in; mso-paper-source: 0; }
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; =
mso-style-parent: ""; mso-pagination: widow-orphan; =
mso-fareast-font-family: SimSun
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; =
mso-style-parent: ""; mso-pagination: widow-orphan; =
mso-fareast-font-family: SimSun
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; =
mso-style-parent: ""; mso-pagination: widow-orphan; =
mso-fareast-font-family: SimSun
}
A:link {
COLOR: blue; TEXT-DECORATION: underline; text-underline: single
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline; text-underline: single
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline; text-underline: single
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline; text-underline: single
}
SPAN.EmailStyle17 {
COLOR: windowtext; FONT-FAMILY: Arial; mso-style-type: =
personal-compose; mso-style-noshow: yes; mso-ansi-font-size: 10.0pt; =
mso-bidi-font-size: 10.0pt; mso-ascii-font-family: Arial; =
mso-hansi-font-family: Arial; mso-bidi-font-family: Arial
}
SPAN.SpellE {
mso-style-name: ""; mso-spl-e: yes
}
SPAN.GramE {
mso-style-name: ""; mso-gram-e: yes
}
DIV.Section1 {
page: Section1
}
</STYLE>
<!--[if gte mso 10]>
<style>
/* Style Definitions */=20
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]--></HEAD>
<BODY lang=3DEN-US style=3D"tab-interval: .5in" vLink=3Dpurple =
link=3Dblue=20
bgColor=3D#ffffff><FONT size=3D2><FONT size=3D4>
<DIV><FONT face=3DArial size=3D2>The following statement (apart the =
underscore) is=20
excerpted from "Recommendation X.509 (2000) | ISO/IEC =
9594-8:2000<BR>Draft=20
Technical Corrigendum 3" that is currently on ballot.</FONT></DIV>
<P align=3Dleft><FONT face=3DArial><STRONG><EM>This corrects the defects =
reported in=20
defect report 280</EM></STRONG></FONT></P></FONT>
<P align=3Dleft><FONT face=3DArial><EM>Replace the existing subclause =
8.6.2.2 with=20
the following and make associated changes to the </EM></FONT><FONT=20
face=3DArial><EM>ASN.1 in Appendix A:</EM></FONT></P>
<DIV><B>
<P align=3Dleft><FONT face=3DArial>8 . 6 . 2 . 2 Issuing distribution =
point=20
extension</FONT></P></B>
<P align=3Dleft><FONT face=3DArial>This CRL extension field identifies =
the CRL=20
distribution point for this particular CRL, and indicates if the CRL is=20
indirect, or if it is limited to covering only a subset of the =
revocation=20
information. The limitation may be based on a subset of the certificate=20
population or on a subset of revocation reasons. The CRL is signed by =
the CRL=20
issuer’s key — CRL distribution points do not have their own =
key pairs. However,=20
for a CRL distributed via the Directory, the CRL is stored in the entry =
of the=20
CRL distribution point, which may not be the directory entry of the CRL =
issuer.=20
If this field and the CRL scope field are both absent, the CRL shall =
contain=20
entries for all revoked <U>unexpired</U> certificates issued by the CRL=20
issuer.</FONT></P>
<P align=3Dleft><FONT face=3DArial>Alfredo Esposito<BR></FONT><FONT =
face=3DArial><A=20
href=3D"mailto:alfredo.esposito@infocamere.it">alfredo.esposito@infocamer=
e.it</A></FONT></P></FONT>-----=20
Original Message ----- </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV=20
style=3D"BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: =
black"><B>From:</B>=20
<A title=3Dsharon.boeyen@entrust.com=20
href=3D"mailto:sharon.boeyen@entrust.com">Sharon Boeyen</A> </DIV>
<DIV style=3D"FONT: 10pt arial"><B>To:</B> <A =
title=3Dietf-pkix@imc.org=20
href=3D"mailto:ietf-pkix@imc.org">'IETF-PKIX'</A> </DIV>
<DIV style=3D"FONT: 10pt arial"><B>Sent:</B> Thursday, September 06, =
2001 3:24=20
PM</DIV>
<DIV style=3D"FONT: 10pt arial"><B>Subject:</B> RE: Removing expired=20
certificates from CRLs.....</DIV>
<DIV><BR></DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D347082413-06092001>There was a problem with my initial attempt =
to send=20
this to the list, so I am resending it.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D347082413-06092001></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D347082413-06092001>Sharon</SPAN></FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px =
solid; MARGIN-RIGHT: 0px">
<DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
size=3D2>-----Original Message-----<BR><B>From:</B> Sharon Boeyen=20
<BR><B>Sent:</B> Wednesday, September 05, 2001 1:36 PM<BR><B>To:</B> =
'Flynn,=20
Michael'; 'Ryan Hurst'; IETF-PKIX<BR><B>Subject:</B> RE: Removing =
expired=20
certificates from CRLs.....<BR><BR></FONT></DIV>
<DIV><SPAN class=3D054173117-05092001><FONT face=3DArial =
color=3D#0000ff size=3D2>I=20
suspect some of the PKIX text was never updated to reflect the =
successful=20
ballot on the X.509 defect report that fixed this in the base =
X.509=20
text. The approved TC for the defect (DR 204) corrected this problem =
by=20
making the following changes to X.509 (97).</FONT></SPAN></DIV>
<DIV><SPAN class=3D054173117-05092001></SPAN> </DIV>
<DIV><SPAN class=3D054173117-05092001> </DIV>
<P class=3DMsoNormal style=3D"MARGIN-LEFT: 0.55pt"><B=20
style=3D"mso-bidi-font-weight: normal">Clause =
12.6.3.1<o:p></o:p></B></P>
<P class=3DMsoNormal style=3D"MARGIN-LEFT: =
0.5in"> <o:p></o:p></P>
<P class=3DMsoNormal style=3D"MARGIN-LEFT: 0.5in"><I=20
style=3D"mso-bidi-font-style: normal">In the first sentence =
following the=20
ASN.1, delete “unexpired”<o:p></o:p></I></P>
<P class=3DMsoNormal style=3D"MARGIN-LEFT: 0.5in"><I=20
style=3D"mso-bidi-font-style: normal"> <o:p></o:p></I></P>
<P class=3DMsoNormal style=3D"MARGIN-LEFT: 0.5in"><I=20
style=3D"mso-bidi-font-style: normal">Add the following as a new =
second=20
sentence in the first paragraph following the =
ASN.1<o:p></o:p></I></P>
<P class=3DMsoNormal style=3D"MARGIN-LEFT: =
0.5in"> <o:p></o:p></P>
<P class=3DMsoNormal><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: 'Times New =
Roman'">“After a certificate=20
appears on a CRL, it may be deleted from a subsequent CRL after the=20
certificate’s expiry.”<o:p></o:p></SPAN></P>
<DIV> </DIV>
<DIV><FONT size=3D2></FONT> </DIV>
<DIV><SPAN class=3D054173117-05092001><FONT=20
color=3D#0000ff>Cheers,</FONT></SPAN></DIV>
<DIV><SPAN class=3D054173117-05092001><FONT=20
color=3D#0000ff>Sharon</FONT></SPAN></DIV>
<DIV><FONT color=3D#0000ff></FONT></SPAN> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff =
2px solid; MARGIN-RIGHT: 0px">
<DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
size=3D2>-----Original Message-----<BR><B>From:</B> Flynn, Michael =
[mailto:MFlynn@verisign.com]<BR><B>Sent:</B> Wednesday, September =
05, 2001=20
1:03 PM<BR><B>To:</B> 'Ryan Hurst'; IETF-PKIX<BR><B>Subject:</B> =
RE:=20
Removing expired certificates from CRLs.....<BR><BR></FONT></DIV>
<DIV><SPAN class=3D537505516-05092001><FONT face=3D"Courier New"=20
size=3D2>Ryan,</FONT></SPAN></DIV>
<DIV><SPAN class=3D537505516-05092001><FONT face=3D"Courier New"=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D537505516-05092001><FONT face=3D"Courier New" =
size=3D2>Ryan=20
wrote::</DIV>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Now logically it =
makes sense=20
to remove certificates that are expired from <SPAN=20
class=3DSpellE>CRLs</SPAN> to control size, yes this has a =
negative point=20
specifically it prevents <SPAN class=3DSpellE>CRLs</SPAN> from =
being used as=20
a non-repudiation source; but this is mute due to many other=20
issues.</SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"></SPAN></FONT> </P>
<P class=3DMsoNormal><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p><SPAN=20
class=3D537505516-05092001>At least regarding removing expired =
certs from=20
CRLs, I would think that non-repudiation can be satisfied by =
keeping the=20
old CRLs in back up storage for some length of time. That =
time being=20
how far back in time a contract dispute might go; ten years, =
twenty?=20
So long as you could get them off tape for the =
lawyers to=20
look at the legal process would be satisfied, they don't need to =
be online=20
forever. </SPAN></o:p></SPAN></P>
<P class=3DMsoNormal><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p><SPAN=20
class=3D537505516-05092001></SPAN></o:p></SPAN><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p><SPAN=20
class=3D537505516-05092001></SPAN></o:p></SPAN> </P>
<P class=3DMsoNormal><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p><SPAN=20
class=3D537505516-05092001>Michael</SPAN></o:p></SPAN></P>
<P class=3DMsoNormal><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p><SPAN=20
=
class=3D537505516-05092001></SPAN></o:p></SPAN> </P></FONT></SPAN>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 =
2px solid; MARGIN-RIGHT: 0px">
<DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
size=3D2>-----Original Message-----<BR><B>From:</B> Ryan Hurst=20
[mailto:ryanh@valicert.com]<BR><B>Sent:</B> Tuesday, September =
04, 2001=20
8:50 PM<BR><B>To:</B> IETF-PKIX<BR><B>Subject:</B> Removing =
expired=20
certificates from CRLs.....<BR><BR></FONT></DIV>
<DIV class=3DSection1>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">I was speaking =
with=20
</SPAN></FONT><st1:PersonName><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Peter=20
Williams</SPAN></FONT></st1:PersonName><FONT face=3DArial =
size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"> today about the =
removal of=20
expired certificates from <SPAN class=3DSpellE>CRLs</SPAN>; I =
have always=20
been under the belief that this behavior was optional, I vaguely =
remembered reading text in 2459 along those lines; additionally =
I know=20
of several commercial <SPAN class=3DSpellE>CAs</SPAN> that do =
not remove=20
the expired certificates from their <SPAN =
class=3DSpellE>CRLs</SPAN>.=20
Peter on the other hand was under the impression that it was a =
mandate=20
to remove <SPAN class=3DSpellE>CRLs</SPAN>; he too remembered =
reading text=20
in 2459 to support is position.<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">So we each pulled =
out the=20
RFC and found that we were both right! Specifically both =
sections 3.3=20
and 8.6.2.2 have text on this =
subject:<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal=20
style=3D"tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt =
274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt =
687.0pt 732.8pt; mso-layout-grid-align: none"><SPAN=20
class=3DGramE><B style=3D"mso-bidi-font-weight: normal"><FONT =
face=3DArial=20
size=3D2><SPAN=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: Arial; =
mso-bidi-font-weight: normal">3.3<SPAN=20
style=3D"mso-spacerun: yes"> =20
</SPAN>Revocation</SPAN></FONT></B></SPAN><B=20
style=3D"mso-bidi-font-weight: normal"><FONT face=3DArial =
size=3D2><SPAN=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: Arial; =
mso-bidi-font-weight: normal"><o:p></o:p></SPAN></FONT></B></P>
<P class=3DMsoNormal=20
style=3D"tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt =
274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt =
687.0pt 732.8pt; mso-layout-grid-align: none"><FONT=20
face=3DArial size=3D2><SPAN style=3D"FONT-SIZE: 10pt; =
FONT-FAMILY: Arial">When=20
a certificate is issued, it is expected to be in use for its =
entire=20
validity period.<SPAN style=3D"mso-spacerun: yes"> =
</SPAN>However,=20
various circumstances may cause a certificate to become invalid =
prior to=20
the expiration of the validity =
period.<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal=20
style=3D"tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt =
274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt =
687.0pt 732.8pt; mso-layout-grid-align: none"><FONT=20
face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT =
face=3DArial=20
size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial">....<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT =
face=3DArial=20
size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal=20
style=3D"tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt =
274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt =
687.0pt 732.8pt; mso-layout-grid-align: none"><FONT=20
face=3DArial size=3D2><SPAN style=3D"FONT-SIZE: 10pt; =
FONT-FAMILY: Arial">An=20
entry is added to the CRL as part of the next update following=20
notification of revocation. <B><I><SPAN=20
style=3D"FONT-WEIGHT: bold; FONT-STYLE: italic">An entry may be =
removed=20
from the CRL after appearing on one regularly scheduled CRL =
issued=20
beyond the revoked certificate's validity=20
period.</SPAN></I></B><o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal style=3D"mso-layout-grid-align: =
none"><B><FONT=20
face=3DArial size=3D2><SPAN=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: =
Arial">8.6.2.2=20
Issuing distribution point =
extension<o:p></o:p></SPAN></FONT></B></P>
<P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT =
face=3DArial=20
size=3D2><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial">This CRL=20
extension field identifies the CRL distribution point for this=20
particular CRL, and indicates if the CRL is limited to =
revocations for=20
end-entity certificates only, for authority certificates only, =
or for a=20
limited set of reasons only. The CRL is signed by the CRL =
issuer's key-=20
CRL distribution points do not have their own key pairs. =
However, for a=20
CRL distributed via the Directory, the CRL is stored in the =
entry of the=20
CRL distribution point, which may not be the directory entry of =
the CRL=20
issuer.<I><SPAN style=3D"FONT-STYLE: italic"> <B><SPAN=20
style=3D"FONT-WEIGHT: bold">If this field is absent, the CRL =
shall contain=20
entries for all revoked <SPAN class=3DSpellE>unexpired</SPAN> =
certificates=20
issued by the CRL=20
issuer.</SPAN></B><o:p></o:p></SPAN></I></SPAN></FONT></P>
<P class=3DMsoNormal style=3D"mso-layout-grid-align: =
none"><I><FONT=20
face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-STYLE: italic; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></I></P>
<P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT =
face=3DArial=20
size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial">....<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT =
face=3DArial=20
color=3Dblue size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT =
face=3DArial=20
size=3D2><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">The =
</SPAN></FONT><SPAN class=3DSpellE><B><FONT face=3DArial =
size=3D1><SPAN=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 9pt; FONT-FAMILY: =
Arial">distributionPoint</SPAN></FONT></B></SPAN><B><FONT=20
face=3DArial size=3D1><SPAN=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 9pt; FONT-FAMILY: Arial"> =
</SPAN></FONT></B><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">component contains =
the name=20
of the distribution point in one or more name forms. If this =
field is=20
absent, the CRL shall contain entries for all revoked =
certificates=20
issued by the CRL issuer. <B><I><SPAN=20
style=3D"FONT-WEIGHT: bold; FONT-STYLE: italic">After a =
certificate=20
appears on a CRL, it is deleted from a subsequent CRL after the=20
certificate's =
expiry.<o:p></o:p></SPAN></I></B></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Although section =
8.6.2.2 is=20
specifically in regards to <SPAN class=3DSpellE>CRLdps</SPAN>, =
any=20
difference between full <SPAN class=3DSpellE>CRLs</SPAN> and =
<SPAN=20
class=3DSpellE>CRLdps</SPAN> in this case I feel would be an =
arbitrary=20
one. <o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Now logically it =
makes sense=20
to remove certificates that are expired from <SPAN=20
class=3DSpellE>CRLs</SPAN> to control size, yes this has a =
negative point=20
specifically it prevents <SPAN class=3DSpellE>CRLs</SPAN> from =
being used=20
as a non-repudiation source; but this is mute due to many other=20
issues.<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">That being the =
case I think;=20
and I believe Peter would agree the correct thing to do is to =
remove=20
these expired/revoked entries from the CRL.=20
<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">The question now =
is what is=20
the PKIX stance on this matter?<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Ryan M.=20
Hurst<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">ValiCert,=20
Inc.<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<BLOCKQUOTE style=3D"MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt">
<P class=3DMsoNormal><I><FONT face=3D"Times New Roman" =
size=3D3><SPAN=20
style=3D"FONT-SIZE: 12pt; FONT-STYLE: italic; mso-no-proof: =
yes">"It may=20
roundly be asserted that human ingenuity cannot concoct a =
cipher which=20
human ingenuity cannot resolve."</SPAN></FONT></I><SPAN=20
style=3D"mso-no-proof: =
yes"><o:p></o:p></SPAN></P></BLOCKQUOTE>
<BLOCKQUOTE style=3D"MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt">
<P class=3DMsoNormal><FONT face=3D"Times New Roman" =
size=3D3><SPAN=20
style=3D"FONT-SIZE: 12pt; mso-no-proof: yes">-Edgar Allan=20
Poe</SPAN><o:p></o:p></FONT></P></BLOCKQUOTE>
<P class=3DMsoNormal><FONT face=3D"Times New Roman" =
size=3D3><SPAN=20
style=3D"FONT-SIZE: =
12pt"><o:p> </o:p></SPAN></FONT></P></DIV></BLOCKQUOTE></BLOCKQUOTE>=
</BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_0050_01C1378C.74EFB460--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f86NpJ517791 for ietf-pkix-bks; Thu, 6 Sep 2001 16:51:19 -0700 (PDT)
Received: from gto-mailer1.bbn.com (cam-mailer1.bbn.com [128.33.0.36]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f86NpHD17787 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 16:51:17 -0700 (PDT)
Received: from [128.33.84.34] (comsec.bbn.com [128.33.84.34]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with ESMTP id TAA09652; Thu, 6 Sep 2001 19:53:12 -0400 (EDT)
Mime-Version: 1.0
X-Sender: kent@po1.bbn.com
Message-Id: <p05010407b7bdbbc840e3@[128.33.84.34]>
In-Reply-To: <3B97F883.38B84429@cablespeed.com>
References: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE23F@exchange.valicert.com> <3B97F883.38B84429@cablespeed.com>
Date: Thu, 6 Sep 2001 19:51:08 -0400
To: jim <jimhei@cablespeed.com>
From: Stephen Kent <kent@bbn.com>
Subject: Re: Removing expired certificates from CRLs.....
Cc: Ryan Hurst <ryanh@valicert.com>, IETF-PKIX <ietf-pkix@imc.org>, Nancy Bianco <nbianco@conclusive.com>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Jim,
PKIX, like most other IETF WGs, frowns on product advertisements
inserted into our standards discussions. The product you mention also
sounds like it is not connected to the PKI standards work we do here,
hence even less appropriate for this discussion.
Thanks,
Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f86MR6c16263 for ietf-pkix-bks; Thu, 6 Sep 2001 15:27:06 -0700 (PDT)
Received: from mail.cablespeed.com (mail.cablespeed.com [206.112.192.76]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f86MR5D16258 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 15:27:05 -0700 (PDT)
Received: from cablespeed.com (c216-45-71-147.md1.cablespeed.com [216.45.71.147]) by mail.cablespeed.com (8.9.3/8.9.3) with ESMTP id PAA14480; Thu, 6 Sep 2001 15:26:50 -0700
Message-ID: <3B97F883.38B84429@cablespeed.com>
Date: Thu, 06 Sep 2001 18:28:19 -0400
From: jim <jimhei@cablespeed.com>
X-Mailer: Mozilla 4.73 [en] (Windows NT 5.0; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Ryan Hurst <ryanh@valicert.com>
CC: IETF-PKIX <ietf-pkix@imc.org>, Nancy Bianco <nbianco@conclusive.com>
Subject: Re: Removing expired certificates from CRLs.....
References: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE23F@exchange.valicert.com>
Content-Type: multipart/alternative; boundary="------------512E1D8EABB90226977BBA41"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
--------------512E1D8EABB90226977BBA41
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Ryan,
The quick and dirty answer is to use the Conclusive Logic middleware
solution, TrustLogic, for its Persistent Proof capability and do not worry about
notarization after the fact because you will already have captured all of the
legal requirements for notarization during the time when the session in which
the data transfer occurred. The user will have been authenticated at the
beginning of the session and the data will be stored as encrypted XML in the
audit log, which is hashed and signed by the TrustLogic server.
Call Nancy and talk with her and Jean about it.
Jim Heimberg, ABC, Ph.D.
Manager, Customer Relations
Conclusive Logic, Inc.
additional e-mail address: jheimberg@conclusive.com
Ryan Hurst wrote:
> David -
>
> Although my confusion on this issue has been cleared up (note to self; always
> verify your sources) now; this brings up a very interesting point. I and
> others I have spoken with believe that the addition of such an extension (one
> that states that the CRL contains ALL revocation entries both current and
> expired) would be very valuable.
>
> Consider this problem, today I receive a digitally signed and time stamped
> document (a contract possibly), this document was signed by a certificate
> issued off of any number of commercial CA's that exist today. 10 years later
> the document is in question and I need to establish that the certificate
> associated with the signature on the document was valid at the time it was
> signed; there are several significant possibilities here:
>
> 1. CA in question has CRLNumber extension in all of their CRLs and they are
> all available
> 2. CA in question does not have the CRLNumber in all CRLS or just a subset
>
> Now in #1 the problem is relatively easy, I find all CRLs that were valid
> during my window and of those I pick the one that has the highest CRLnumber.
> An extension like this would be "use-full" in this case but not necessary.
>
> In #2 the problem gets, well unsolvable; Since there are no ways to determine
> if I have all of the CRLs that are within my window (remember validity windows
> on CRLs can overlap so the ones within the overlapped window that state the
> certificate is revoked could be "lost") I will never now if the certificate
> was valid at the time in question. Now if the CRLs that were generated
> contained all entries and were marked as such with an extension I would have a
> mechanism to solve this problem; simply get the most recent CRL.
>
> Ryan
>
> -----Original Message-----
> From: David A. Cooper [mailto:david.cooper@nist.gov]
> Sent:Wednesday, September 05, 20017:39 AM
> To: IETF-PKIX
> Subject: Re: Removing expired certificates from CRLs.....
>
> At 03:53 PM9/5/01 +0200, Nada Kapidzic Cicovic wrote:
>
> Denis,
>
> I was making comments on the text which Ryan extracted in his mail, assuming
> that they were from the son-of-RFC2459.
>
> In particular the last sentence in this paragraph:
>
> The distributionPoint component contains the name of the distribution point in
> one or more name forms. If this field is absent, the CRL shall contain entries
> for all revoked certificates issued by the CRL issuer. After a certificate
> appears on a CRL, it is deleted from a subsequent CRL after the certificate's
> expiry.
>
> However, after getting your comment I realized that this sentence and the
> referred section 8.6.2.2 comes from the X.509 (the latest version that I have
> on my disk is X_509_4thEditionDraftV6, and it contains the above text).
>
>
> I have X_509_4thEditionDraftV8 on my computer and it appears that this has
> been fixed. I now says "After a certificate appears on a CRL, it may be
> deleted from a subsequent CRL after the certificate's expiry." I didn't
> bother to look at son-of-2459.
>
> In any case, both X.509 and son-of-2459 should say that a certificate may be
> deleted from a CRL after it has expired. In general, though, I don't think
> there is much benefit to leaving expired certificates on CRLs. The problem is
> that, at the moment, if an expired certificate is not listed on a CRL, there
> is no way to determine whether it is not listed because it was never revoked
> or if it was revoked but is not listed because it was removed after
> expiration.
>
> Some time ago, there was a suggestion to create a new, non-critical CRL
> extension that would specify whether an expired certificate was covered by a
> CRL (e.g., the extension could state: "This CRL includes all revoked
> certificates that expire(d) after Jan. 1, 2001 (i.e., notAfter >=
> 010101000000Z)."). There didn't seem to be much support for this idea, so the
> extension was never created.
>
>
> The current text of the son-of-RFC2459 does not seem to contain it or any
> other misleading sentences regarding this issue.
>
> Sorry for the confusion.
>
> Nada
>
--------------512E1D8EABB90226977BBA41
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<body link="#0000FF" vlink="#800080" lang="EN-US" style="tab-interval:.5in">
Ryan,
<br> The quick and dirty answer is to use the Conclusive
Logic middleware solution, TrustLogic, for its Persistent Proof capability
and do not worry about notarization after the fact because you will already
have captured all of the legal requirements for notarization during the
time when the session in which the data transfer occurred. The user
will have been authenticated at the beginning of the session and the data
will be stored as encrypted XML in the audit log, which is hashed and signed
by the TrustLogic server.
<br> Call Nancy and talk with her and Jean about it.
<br>Jim Heimberg, ABC, Ph.D.
<br>Manager, Customer Relations
<br>Conclusive Logic, Inc.
<br>additional e-mail address: jheimberg@conclusive.com
<p>Ryan Hurst wrote:
<blockquote TYPE=CITE><link rel=File-List href="cid:filelist.xml@01C13659.21A03020"><o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="time"/><o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="date"/><!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:GrammarState>Clean</w:GrammarState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:Compatibility>
<w:UseFELayout/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]--><style>
<!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;
mso-font-alt:\5B8B\4F53;
mso-font-charset:134;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 135135232 16 0 262145 0;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:553679495 -2147483648 8 0 66047 0;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;
mso-font-charset:134;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 135135232 16 0 262145 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:SimSun;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;
text-underline:single;}
span.EmailStyle17
{mso-style-type:personal-reply;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:navy;}
span.SpellE
{mso-style-name:"";
mso-spl-e:yes;}
span.GramE
{mso-style-name:"";
mso-gram-e:yes;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:2002394047;
mso-list-type:hybrid;
mso-list-template-ids:2140069784 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
<!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]-->
<div class=Section1>
<div class="MsoNormal"><span style='font-size:
10.0pt;font-family:Arial;color:navy'><font face="Arial"><font color="#000080"><font size=-1>David
-</font></font></font><o:p></o:p></span></div>
<p class="MsoNormal"><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p></o:p></span>
<p class="MsoNormal"><span style='font-size:
10.0pt;font-family:Arial;color:navy'><span style='mso-tab-count:1'></span><font face="Arial"><font color="#000080"><font size=-1>Although
my confusion on this issue has been cleared up (note to self; always verify
your sources) now; this brings up a very interesting point. I and others
I have spoken with believe that the addition of such an extension (one
that states that the CRL contains ALL revocation entries both current and
expired) would be very valuable. </font></font></font><o:p></o:p></span>
<p class="MsoNormal"><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p></o:p></span>
<p class="MsoNormal"><span style='font-size:
10.0pt;font-family:Arial;color:navy'><font face="Arial"><font color="#000080"><font size=-1>Consider
this problem, today I receive a digitally signed and time stamped document
(a contract possibly), this document was signed by a certificate issued
off of any number of commercial CA's that exist today. 10 years later the
document is in question and I need to establish that the certificate associated
with the signature on the document was valid at the time it was signed;
there are several significant possibilities here:</font></font></font><o:p></o:p></span>
<p class="MsoNormal"><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p></o:p></span>
<ol style='mso-margin-top-alt:0in' start=1 type=1>
<li class="MsoNormal" style="color:navy;mso-list:l0 level1 lfo1;tab-stops:list .5in">
<span style='font-size:10.0pt;font-family:
Arial'><font face="Arial"><font color="#000080"><font size=-1>CA
in question has <span class=SpellE>CRLNumber</span> extension in all
of their <span class=SpellE>CRLs</span> and they are all available</font></font></font><o:p></o:p></span></li>
<li class="MsoNormal" style="color:navy;mso-list:l0 level1 lfo1;tab-stops:list .5in">
<span style='font-size:10.0pt;font-family:
Arial'><font face="Arial"><font color="#000080"><font size=-1>CA
in question does not have the <span class=SpellE>CRLNumber</span>
in all CRLS or just a subset</font></font></font><o:p></o:p></span></li>
</ol>
<div class="MsoNormal"><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p></o:p></span></div>
<p class="MsoNormal"><span style='font-size:
10.0pt;font-family:Arial;color:navy'><font face="Arial"><font color="#000080"><font size=-1>Now
in #1 the problem is relatively easy, I find all <span class=SpellE>CRLs</span>
that were valid during my window and of those I pick the one that has the
highest <span class=SpellE>CRLnumber</span>. An extension like this
would be "use-full" in this case but not necessary.</font></font></font><o:p></o:p></span>
<p class="MsoNormal"><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p></o:p></span>
<p class="MsoNormal"><span style='font-size:
10.0pt;font-family:Arial;color:navy'><font face="Arial"><font color="#000080"><font size=-1>In
#2 the problem gets, well unsolvable; Since there are no ways to determine
if I have all of the <span class=SpellE>CRLs</span> that are within
my window (remember validity windows on <span class=SpellE>CRLs</span>
can overlap so the ones within the overlapped window that state the certificate
is revoked could be "lost") I will never now if the certificate was valid
at the time in question. Now if the <span class=SpellE>CRLs</span>
that were generated contained all entries and were marked as such with
an extension I would have a mechanism to solve this problem; simply get
the most recent CRL.</font></font></font><o:p></o:p></span>
<p class="MsoNormal"><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p></o:p></span>
<p class="MsoNormal"><span style='font-size:
10.0pt;font-family:Arial;color:navy'><font face="Arial"><font color="#000080"><font size=-1>Ryan</font></font></font><o:p></o:p></span>
<p class="MsoNormal"><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p></o:p></span>
<p class="MsoNormal"><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p></o:p></span>
<p class="MsoNormal" style="margin-left:.5in"><span
style='font-size:10.0pt;font-family:Tahoma'><font face="Tahoma"><font size=-1>-----Original
Message-----</font></font>
<br><span style='font-weight:bold'><font face="Tahoma"><font size=-1><b>From:</span></b>
David A. Cooper [<A HREF="mailto:david.cooper@nist.gov">mailto:david.cooper@nist.gov</A>]</font></font>
<br><span style='font-weight:bold'><font face="Tahoma"><font size=-1><b>Sent:</span></span><st1:date
Month="9" Day="5" Year="2001"><span style='font-size:
10.0pt;font-family:Tahoma'></b>Wednesday,
September 05, 2001</span></st1:date><span style='font-size:10.0pt;font-family:Tahoma'></span><st1:time
Hour="7" Minute="39"><span style='font-size:10.0pt;
font-family:Tahoma'>7:39
AM</font></font></span></st1:time><span
style='font-size:10.0pt;font-family:Tahoma'>
<br><span style='font-weight:bold'><font face="Tahoma"><font size=-1><b>To:</span></b>
IETF-PKIX</font></font>
<br><span style='font-weight:bold'><font face="Tahoma"><font size=-1><b>Subject:</span></b>
Re: Removing expired certificates from CRLs.....</font></font></span>
<p class="MsoNormal" style="margin-left:.5in"><span
style='font-size:12.0pt'><o:p></o:p></span>
<p class="MsoNormal" style="margin-left:.5in"><span
style='font-size:12.0pt'><font face="Times New Roman"><font size=+0>At </span><st1:time Hour="15" Minute="53"></font></font>03:53
PM</st1:time><st1:date Month="9" Day="5" Year="2001">9/5/01</st1:date>
+0200, Nada Kapidzic Cicovic wrote:
<br><![if !supportLineBreakNewLine]>
<br><![endif]><o:p></o:p>
<p class="MsoNormal" style="margin-left:.5in"><span
style='font-size:12.0pt'><font face="Times New Roman"><font size=+0>Denis,</font></font>
<p><font face="Times New Roman"><font size=+0>I was making comments on
the text which Ryan extracted in his mail, assuming that they were from
the son-of-RFC2459.</font></font>
<p><font face="Times New Roman"><font size=+0>In particular the last sentence
in this paragraph:</font></font>
<p><font face="Times New Roman"><font size=+0>The </span><span style='font-size:10.0pt;font-weight:
bold'></font></font><b><font size=-1>distributionPoint </span></font></b>component
contains the name of the distribution point in one or more name forms.
If this field is absent, the CRL shall contain entries for all revoked
certificates issued by the CRL issuer. <span
style='font-weight:bold;font-style:italic'><b><i>After
a certificate appears on a CRL, it is deleted from a subsequent CRL after
the certificate's expiry.</i></b>
<p></span>However, after getting your comment I realized that this sentence
and the referred section 8.6.2.2 comes from the X.509 (the latest version
that I have on my disk is X_509_4thEditionDraftV6, and it contains the
above text). <o:p></o:p>
<p class="MsoNormal" style="margin-left:.5in"><span
style='font-size:12.0pt'>
<br><font face="Times New Roman"><font size=+0>I have X_509_4thEditionDraftV8
on my computer and it appears that this has been fixed. I now says "After
a certificate appears on a CRL, it <span
style='font-weight:bold'><b>may
be</span></b> deleted from a subsequent CRL after the certificate's expiry."
I didn't bother to look at son-of-2459.</font></font>
<p><font face="Times New Roman"><font size=+0>In any case, both X.509 and
son-of-2459 should say that a certificate may be deleted from a CRL after
it has expired. In general, though, I don't think there is much benefit
to leaving expired certificates on CRLs. The problem is that, at
the moment, if an expired certificate is not listed on a CRL, there is
no way to determine whether it is not listed because it was never revoked
or if it was revoked but is not listed because it was removed after expiration.</font></font>
<p><font face="Times New Roman"><font size=+0>Some time ago, there was
a suggestion to create a new, non-critical CRL extension that would specify
whether an expired certificate was covered by a CRL (e.g., the extension
could state: "This CRL includes all revoked certificates that expire(d)
after </span><st1:date Month="1" Day="1"
Year="2001"></font></font>Jan.
1, 2001</st1:date> (i.e., notAfter >= 010101000000Z)."). There didn't seem
to be much support for this idea, so the extension was never created.
<p><![if !supportLineBreakNewLine]>
<br><![endif]><o:p></o:p>
<p class="MsoNormal" style="margin-left:.5in"><span
style='font-size:12.0pt'><font face="Times New Roman"><font size=+0>The
current text of the son-of-RFC2459 does not seem to contain it or any other
misleading sentences regarding this issue.</font></font>
<p><font face="Times New Roman"><font size=+0>Sorry for the confusion.</font></font>
<p><font face="Times New Roman"><font size=+0>Nada</font></font><o:p></o:p></span>
<p class="MsoNormal" style="margin-left:.5in"><span
style='font-size:12.0pt'><o:p></o:p></span></div>
</blockquote>
</body>
</html>
--------------512E1D8EABB90226977BBA41--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f86M1xN15867 for ietf-pkix-bks; Thu, 6 Sep 2001 15:01:59 -0700 (PDT)
Received: from geos.coastside.net (geos.coastside.net [207.213.212.4]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f86M1vD15863 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 15:01:57 -0700 (PDT)
Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by geos.coastside.net (8.11.0/8.11.3) with SMTP id f86M1pa09378; Thu, 6 Sep 2001 15:01:51 -0700 (PDT)
From: "Michael Myers" <myers@coastside.net>
To: "Denis Pinkas" <Denis.Pinkas@bull.net>
Cc: "PKIX \(E-mail\)" <ietf-pkix@imc.org>
Subject: RE: Logos: objection to charter revisions
Date: Thu, 6 Sep 2001 15:00:32 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDMEMCCEAA.myers@coastside.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
In-reply-to: <3B973BAD.ACB38E34@bull.net>
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Further, of what utility is a logo to an IPSEC gateway, for example? I
suspect about as much value as embedded text asserting a relying party's
obligations.
Mike
> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
> [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas
> Sent: Thursday, September 06, 2001 2:03 AM
> Cc: PKIX (E-mail)
> Subject: Re: Logos: objection to charter revisions
>
>
>
>
> After seeing all that discussion about logos, I realized that we had
> a solution (i.e. the draft writen by Stefan) for an unknown problem.
>
> 1) Are logos to be used in server certificates ?
> If so, what would be their intended meaning ?
>
> 2) Are logos to be used in human-user certificates ?
> If so, what would be their intended meaning ?
>
> 3) Are logos to be used in CA certificates ?
> If so, what would be their intended meaning ?
>
> 4) Are logos to be used in self-signed certificates ?
> If so, what would be their intented meaning ?
>
> I do not think that the meaning and the use of the logo information will
> necessarilly be the same for all of the above cases.
>
> If that topic is going to stay on the charter, before we define a solution
> we should first define the requirements. So an INFORMATIONAL RFC on the
> requirements should be the first step. This Informational RFC should at
> least answer to the questions raised above.
>
> Denis
>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f86KFwI13518 for ietf-pkix-bks; Thu, 6 Sep 2001 13:15:58 -0700 (PDT)
Received: from phnxpop4.phnx.uswest.net (phnxpop4.phnx.uswest.net [206.80.192.4]) by above.proper.com (8.11.6/8.11.3) with SMTP id f86KFuD13514 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 13:15:57 -0700 (PDT)
Received: (qmail 50039 invoked by alias); 6 Sep 2001 20:15:54 -0000
Delivered-To: fixup-ietf-pkix@imc.org@fixme
Received: (qmail 49659 invoked by uid 0); 6 Sep 2001 20:15:50 -0000
Received: from aydialup158.phnx.uswest.net (HELO ?192.168.0.2?) (63.225.214.158) by phnxpop4.phnx.uswest.net with SMTP; 6 Sep 2001 20:15:50 -0000
Mime-Version: 1.0
X-Sender: hoytkesterson@mail.earthlink.net
Message-Id: <a05100305b7bd87a263b6@[192.168.0.2]>
Date: Thu, 6 Sep 2001 13:14:02 -0700
To: "X.509":;, IETF LDAP <ietf-ldapext@netscape.com>
From: "Hoyt L. Kesterson II" <hoytkesterson@earthlink.net>
Subject: Version 15 of the Implementor's Guide for X.500
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Version 15 of the guide can be found in bookmarked PDF at
ftp://ftp.bull.com/pub/OSIdirectory/DefectResolution/Implementor%27sGuideV15.pdf
The version contains a defect summary, TCs correcting errors, and
DTCs under ballot for the 3rd and 4th edition. Those still interested
in the 2nd edition should keep Version 14 of the guide.
Although this guide contains corrections to all the parts of the
X.500 recommendation, bookmarks point directly to the TCs for both
editions of X.509.
The file is about 1.3 MB in size
hout
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f86JXXS12753 for ietf-pkix-bks; Thu, 6 Sep 2001 12:33:33 -0700 (PDT)
Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f86JXVD12749 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 12:33:31 -0700 (PDT)
Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.117.200.22]) by e1.ny.us.ibm.com (8.9.3/8.9.3) with ESMTP id PAA373504; Thu, 6 Sep 2001 15:31:13 -0400
Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO v4.97.1) with ESMTP id f86JPKa53578; Thu, 6 Sep 2001 15:25:20 -0400
Importance: Normal
Subject: RE: Removing expired certificates from CRLs.....
To: "Flynn, Michael" <MFlynn@verisign.com>
Cc: "'Ryan Hurst'" <ryanh@valicert.com>, IETF-PKIX <ietf-pkix@imc.org>
X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001
Message-ID: <OF45312249.093B3E56-ON85256ABF.0069CD54@pok.ibm.com>
From: "Tom Gindin" <tgindin@us.ibm.com>
Date: Thu, 6 Sep 2001 15:18:57 -0400
X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.8 SPR #MIAS4UTJ8H |June 21, 2001) at 09/06/2001 03:33:27 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Because of unscheduled CRL publication, would it not make sense to
recommend a minimum period of time after expiration before revoked NR
certificates get removed from CRL's? In practice, specifying that they
should be kept for a week or so beyond expiration would not cause CRL
bloat, which can admittedly become a serious problem if all CRL entries are
kept forever.
Tom Gindin
"Flynn, Michael" <MFlynn@verisign.com>@mail.imc.org on 09/05/2001 01:02:33
PM
Sent by: owner-ietf-pkix@mail.imc.org
To: "'Ryan Hurst'" <ryanh@valicert.com>, IETF-PKIX <ietf-pkix@imc.org>
cc:
Subject: RE: Removing expired certificates from CRLs.....
Ryan,
Ryan wrote::
Now logically it makes sense to remove certificates that are expired from
CRLs to control size, yes this has a negative point specifically it
prevents CRLs from being used as a non-repudiation source; but this is mute
due to many other issues.
At least regarding removing expired certs from CRLs, I would think that
non-repudiation can be satisfied by keeping the old CRLs in back up storage
for some length of time. That time being how far back in time a contract
dispute might go; ten years, twenty? So long as you could get them off
tape for the lawyers to look at the legal process would be satisfied, they
don't need to be online forever.
Michael
-----Original Message-----
From: Ryan Hurst [mailto:ryanh@valicert.com]
Sent: Tuesday, September 04, 2001 8:50 PM
To: IETF-PKIX
Subject: Removing expired certificates from CRLs.....
I was speaking with Peter Williams today about the removal of expired
certificates from CRLs; I have always been under the belief that this
behavior was optional, I vaguely remembered reading text in 2459 along
those lines; additionally I know of several commercial CAs that do not
remove the expired certificates from their CRLs. Peter on the other hand
was under the impression that it was a mandate to remove CRLs; he too
remembered reading text in 2459 to support is position.
So we each pulled out the RFC and found that we were both right!
Specifically both sections 3.3 and 8.6.2.2 have text on this subject:
3.3 Revocation
When a certificate is issued, it is expected to be in use for its entire
validity period. However, various circumstances may cause a certificate
to become invalid prior to the expiration of the validity period.
....
An entry is added to the CRL as part of the next update following
notification of revocation. An entry may be removed from the CRL after
appearing on one regularly scheduled CRL issued beyond the revoked
certificate's validity period.
8.6.2.2 Issuing distribution point extension
This CRL extension field identifies the CRL distribution point for this
particular CRL, and indicates if the CRL is limited to revocations for
end-entity certificates only, for authority certificates only, or for a
limited set of reasons only. The CRL is signed by the CRL issuer's key-
CRL distribution points do not have their own key pairs. However, for a
CRL distributed via the Directory, the CRL is stored in the entry of the
CRL distribution point, which may not be the directory entry of the CRL
issuer. If this field is absent, the CRL shall contain entries for all
revoked unexpired certificates issued by the CRL issuer.
....
The distributionPoint component contains the name of the distribution
point in one or more name forms. If this field is absent, the CRL shall
contain entries for all revoked certificates issued by the CRL issuer.
After a certificate appears on a CRL, it is deleted from a subsequent CRL
after the certificate's expiry.
Although section 8.6.2.2 is specifically in regards to CRLdps, any
difference between full CRLs and CRLdps in this case I feel would be an
arbitrary one.
Now logically it makes sense to remove certificates that are expired from
CRLs to control size, yes this has a negative point specifically it
prevents CRLs from being used as a non-repudiation source; but this is
mute due to many other issues.
That being the case I think; and I believe Peter would agree the correct
thing to do is to remove these expired/revoked entries from the CRL.
The question now is what is the PKIX stance on this matter?
Ryan M. Hurst
ValiCert, Inc.
"It may roundly be asserted that human ingenuity cannot concoct a
cipher which human ingenuity cannot resolve."
-Edgar Allan Poe
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f86HsrE10138 for ietf-pkix-bks; Thu, 6 Sep 2001 10:54:53 -0700 (PDT)
Received: from peacock.verisign.com (peacock.verisign.com [65.205.251.73]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f86HspD10131 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 10:54:51 -0700 (PDT)
Received: from vhqpostal-gw1.verisign.com (mailer1.verisign.com [65.205.251.55]) by peacock.verisign.com (8.11.3/BCH1.7.5) with ESMTP id f86Hq5m13935; Thu, 6 Sep 2001 10:52:05 -0700 (PDT)
Received: by vhqpostal-gw1.verisign.com with Internet Mail Service (5.5.2653.19) id <R5GASAYR>; Thu, 6 Sep 2001 10:54:50 -0700
Message-ID: <2F3EC696EAEED311BB2D009027C3F4F405869750@vhqpostal.verisign.com>
From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
To: "'Steve Hanna'" <steve.hanna@sun.com>, "Manger, James H" <James.H.Manger@team.telstra.com>
Cc: "PKIX (E-mail)" <ietf-pkix@imc.org>
Subject: RE: Logos: objection to charter revisions
Date: Thu, 6 Sep 2001 10:54:49 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C136FD.058DCF10"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_000_01C136FD.058DCF10
Content-Type: text/plain;
charset="iso-8859-1"
I still fail to see the problem, if you have a cross certified cert chain
you should show the entire chain as logos.
So the user would see the following
[VeriSign PCA3] -> [SureTrust] -> [British Stuff PLC] -> [Alice]
Or
[JIS RoT] -X-> [BAL RoT] -X-> [Bob]
In other words there is no need for constraints because the user is going to
see the trust chain explicitly.
I don't see any problem in stating that logotypes on end user certs should
only be displayed if the root of trust says to use 'em. I think it is pretty
clear that the app software vendors would want to load the new roots of
trust with the images in them.
I would not want to have to re-issue several thousand intermediate CAs to
support logotypes however. So the OID for the root cert would have to allow
for the following cases:
1) Show logotypes of any cert in the chain that has one.
2) Only show logotypes if every cert bellow this one in the chain has a
'show logotypes' OID.
Phill
Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227
------_=_NextPart_000_01C136FD.058DCF10
Content-Type: application/octet-stream;
name="Phillip Hallam-Baker (E-mail).vcf"
Content-Disposition: attachment;
filename="Phillip Hallam-Baker (E-mail).vcf"
BEGIN:VCARD
VERSION:2.1
N:Hallam-Baker;Phillip
FN:Phillip Hallam-Baker (E-mail)
ORG:VeriSign
TITLE:Principal Consultant
TEL;WORK;VOICE:(781) 245-6996 x227
EMAIL;PREF;INTERNET:hallam@verisign.com
REV:20010214T163732Z
END:VCARD
------_=_NextPart_000_01C136FD.058DCF10--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f86FOaE02330 for ietf-pkix-bks; Thu, 6 Sep 2001 08:24:36 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f86FOYD02326 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 08:24:35 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id RAA12236; Thu, 6 Sep 2001 17:23:50 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id RAA16542; Thu, 6 Sep 2001 17:21:13 +0200
Message-ID: <3B97946C.CF4BE7DF@bull.net>
Date: Thu, 06 Sep 2001 17:21:16 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: "David A. Cooper" <david.cooper@nist.gov>
CC: IETF-PKIX <ietf-pkix@imc.org>
Subject: Re: Removing expired certificates from CRLs.....
References: <9A4F653B0A375841AC75A8D17712B9C9B27320@sottmxs04.entrust.com> <4.2.2.20010906102715.00be4a20@email.nist.gov>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
David,
> > > With the 509 meeting coming up in just a couple of weeks,
> > > if we reach consensus that it would be useful to add either
> > > a new extension or a new component to the IDP extension to indicate
> > > that a CRL includes revocation notices for expired certs,
> > > we could probably add it to the 509 WD at that meeting.
> >At this time it is more an X.509 discussion, rather than a PKIX discussion.
> >Anyway, I would support in principle the idea for X.509.
> >The information could be placed either in the certificate or in the CRL.
> >Placing it in the CRL has the advantage of not overloading the certificate,
> >so this solution should be better. So, if the information is placed in the
> >CRL, then the CRL should say something like: certificates which have the
> >keyUsage bits set to XXXX are maintained on the CRL Y weeks after they
> >expire.
> I agree that the information should be placed in the CRL. This provides
> the CRL issuer with flexibility.
> The idea of specifying keyUsage bits sounds interesting. This could be used
> to specify that only certificates used to verify signatures
> (i.e., keyUsage of digitalSignature and/or nonRepudiation) are listed after
> expiration. I can't think of any compelling reason to include key management
> certificates after they have expired.
OK.
> However, I'm not sure if the benefit is worth the increased complexity.
Every time an new extension is added, an additional piece of software is
needed to handle it. Yes, this is debatable, but the problem we currently
have, is that the only current way to know that certificates are still
maintained in the CRL after they expire is by using the PDS, which is not
machine processable. When PDS are used, the time certificates are maintained
in the CRL after they expire cannot be changed very often.
> I would also suggest a slight re-wording of the meaning of the extension
> to "this CRL lists all revoked certificates that have expired within the
> last Y weeks (in addition to all unexpired revoked certificates)."
> The extension should only specify what is included in that particular CRL,
> it should not make any promises about what is included in other CRLs.
> The CRL issuer should always be free to expand or shrink the set of
> expired certificates covered by its CRLs.
I agree. The time may vary from one CRL to the next, so it allows to change
the policy over time.
Denis
> Dave
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f86FBuT01733 for ietf-pkix-bks; Thu, 6 Sep 2001 08:11:56 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f86FBpD01729 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 08:11:52 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id RAA13574; Thu, 6 Sep 2001 17:13:49 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id RAA17414; Thu, 6 Sep 2001 17:11:13 +0200
Message-ID: <3B979213.879138BF@bull.net>
Date: Thu, 06 Sep 2001 17:11:15 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: Sharon Boeyen <sharon.boeyen@entrust.com>
CC: "'David A. Cooper'" <david.cooper@nist.gov>, IETF-PKIX <ietf-pkix@imc.org>, "Hoyt Kesterson (E-mail)" <hoytkesterson@earthlink.net>
Subject: Re: Removing expired certificates from CRLs.....
References: <9A4F653B0A375841AC75A8D17712B9C9B27323@sottmxs04.entrust.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Sharon,
> Denis, sorry for the display problem - I cut and pasted the text
> from the actual TC - next time I'll try to remember not to do that :-)
> Actually, I'm second-guessing the value of the extension. I think it is
> generally the case that good key management would have the signing key
> rolled over long before the expiry date of the verification certificate
> so hopefully the chances of a signature being applied "just" before a
> certificate expired would be slim/none.
It is true that I get my next (Visa) credit card (valid two years)
one month in advance, but nothing prevents me to use it, until the very
last day of its validity period.
> If that is true, then original validation would be happening before
> the certificate expired. If the RP needs to be able to argue
> that the signature was good at that time, it shouldn't be relying
> on a future CRL at the time they need to do that defence because
> there may not be one available, regardless of whether it contains
> this extension or not (CAs go out of business, their policy of CRL
> issuance may have changed etc). If the RP needs to be able to defend
> the validation, it would need to retain the evidence from the time
> of original validation, including a timestamped copy of the signed
> document, CRL that was valid at the time of verification etc.
If the CRL includes the information, then it is usable, otherwise it is not.
When a CA goes out of business, it should have previously taken provisions
to transmit the task of providing certificate status information to another
authority. As an example ETSI TS 101 456 states:
"The CA shall have an arrangement to cover the costs to fulfil these minimum
requirements in case the CA becomes bankrupt or for other reasons is unable
to cover the costs by itself.
c) The CA shall state in its practices the provisions made for termination
of service. This shall include:
- notification of affected entities,
- transferring the CA obligations to other parties,
- how the revocation status of unexpired certificates that have been issued
will be handled."
Denis
> Sharon
>
> > -----Original Message-----
> > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> > Sent: Thursday, September 06, 2001 10:12 AM
> > To: Sharon Boeyen
> > Cc: 'David A. Cooper'; IETF-PKIX; Hoyt Kesterson (E-mail)
> > Subject: Re: Removing expired certificates from CRLs.....
> >
> >
> >
> > Hi Sharon,
> >
> > Glad to see back on the PKIX mailing list for a short while. :-)
> >
> > > David I do remember some discussion of a new extension but
> > > don't recall the reason why it wasn't pursued - do you remember?
> >
> > > With the 509 meeting coming up in just a couple of weeks,
> > > if we reach consensus that it would be useful to add either
> > > a new extension or a new component to the IDP extension to indicate
> > > that a CRL includes revocation notices for expired certs,
> > > we could probably add it to the 509 WD at that meeting.
> >
> > At this time it is more an X.509 discussion, rather than a
> > PKIX discussion.
> > Anyway, I would support in principle the idea for X.509.
> >
> > The information could be placed either in the certificate or
> > in the CRL.
> > Placing it in the CRL has the advantage of not overloading
> > the certificate,
> > so this solution should be better. So, if the information is
> > placed in the
> > CRL, then the CRL should say something like: certificates
> > which have the
> > keyUsage bits set to XXXX are maintained on the CRL Y weeks after they
> > expire.
> >
> > One of the main benefits is the following: you receive an
> > e-mail while on
> > holidays. The signature was done just before the certificate
> > expired, but
> > the e-amil was opened after it expired. With this additional
> > feature it
> > would be possible to know by fetching the current CRL whether
> > the e-mail was
> > signed legitimately.
> >
> > > I believe there is value in allowing expired certs to remain
> > > on CRLs, but certainly it should be an optional feature as
> > > it is not needed in all environments.
> >
> > True.
> >
> > Regards,
> >
> > Denis
> >
> > > Cheers,
> > > Sharon
> >
> >
> > BTW: my Netscape 4.7 browser is unable to display your
> > message correctly.
> > Next time, please use plaintext.
> >
Received: by above.proper.com (8.11.6/8.11.3) id f86F9VE01587 for ietf-pkix-bks; Thu, 6 Sep 2001 08:09:31 -0700 (PDT)
Received: from kakapo.cs.auckland.ac.nz (kakapo.cs.auckland.ac.nz [130.216.34.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f86F9TD01583 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 08:09:29 -0700 (PDT)
Received: from ruru.cs.auckland.ac.nz (firebird.cs.auckland.ac.nz [130.216.34.12]) by kakapo.cs.auckland.ac.nz (8.8.6/8.8.6/cs-master) with ESMTP id DAA22596; Fri, 7 Sep 2001 03:09:20 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz)
Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id DAA172308; Fri, 7 Sep 2001 03:09:20 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz)
Date: Fri, 7 Sep 2001 03:09:20 +1200 (NZST)
Message-ID: <200109061509.DAA172308@ruru.cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: ietf-pkix@imc.org, magnus@dynas.se
Subject: Re: Polling in CMP
Cc: GRichards@rsasecurity.com
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
> reason [0] PKIFreeText OPTIONAL
You put the spurious tag in there just to ensure you'd get a reply from me,
right? :-).
Peter.
Received: by above.proper.com (8.11.6/8.11.3) id f86EqiJ01241 for ietf-pkix-bks; Thu, 6 Sep 2001 07:52:44 -0700 (PDT)
Received: from email.nist.gov (email.nist.gov [129.6.2.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f86EqhD01237 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 07:52:44 -0700 (PDT)
Received: from krdp2 (krdp2.ncsl.nist.gov [129.6.54.107]) by email.nist.gov (8.9.3/8.9.3) with ESMTP id KAA08193 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 10:52:44 -0400 (EDT)
Message-Id: <4.2.2.20010906102715.00be4a20@email.nist.gov>
X-Sender: cooper@email.nist.gov
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
Date: Thu, 06 Sep 2001 10:51:57 -0400
To: IETF-PKIX <ietf-pkix@imc.org>
From: "David A. Cooper" <david.cooper@nist.gov>
Subject: Re: Removing expired certificates from CRLs.....
In-Reply-To: <3B978422.493FED34@bull.net>
References: <9A4F653B0A375841AC75A8D17712B9C9B27320@sottmxs04.entrust.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
At 04:11 PM 9/6/01 +0200, Denis Pinkas wrote:
>At 09:41 AM 9/6/01 -0400, Sharon Boeyen wrote:
> > With the 509 meeting coming up in just a couple of weeks,
> > if we reach consensus that it would be useful to add either
> > a new extension or a new component to the IDP extension to indicate
> > that a CRL includes revocation notices for expired certs,
> > we could probably add it to the 509 WD at that meeting.
>
>At this time it is more an X.509 discussion, rather than a PKIX discussion.
>Anyway, I would support in principle the idea for X.509.
>
>The information could be placed either in the certificate or in the CRL.
>Placing it in the CRL has the advantage of not overloading the certificate,
>so this solution should be better. So, if the information is placed in the
>CRL, then the CRL should say something like: certificates which have the
>keyUsage bits set to XXXX are maintained on the CRL Y weeks after they
>expire.
I agree that the information should be placed in the CRL. This provides the CRL issuer with flexibility.
The idea of specifying keyUsage bits sounds interesting. This could be used to specify that only certificates used to verify signatures (i.e., keyUsage of digitalSignature and/or nonRepudiation) are listed after expiration. I can't think of any compelling reason to include key management certificates after they have expired. However, I'm not sure if the benefit is worth the increased complexity.
I would also suggest a slight re-wording of the meaning of the extension to "this CRL lists all revoked certificates that have expired within the last Y weeks (in addition to all unexpired revoked certificates).". The extension should only specify what is included in that particular CRL, it should not make any promises about what is included in other CRLs. The CRL issuer should always be free to expand or shrink the set of expired certificates covered by its CRLs.
Dave
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f86Ekmj01074 for ietf-pkix-bks; Thu, 6 Sep 2001 07:46:48 -0700 (PDT)
Received: from SOTTMXS01.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f86EkhD01069 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 07:46:44 -0700 (PDT)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2650.21) id <SM1TANSF>; Thu, 6 Sep 2001 10:46:38 -0400
Message-ID: <9A4F653B0A375841AC75A8D17712B9C9B27323@sottmxs04.entrust.com>
From: Sharon Boeyen <sharon.boeyen@entrust.com>
To: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, Sharon Boeyen <sharon.boeyen@entrust.com>
Cc: "'David A. Cooper'" <david.cooper@nist.gov>, IETF-PKIX <ietf-pkix@imc.org>, "Hoyt Kesterson (E-mail)" <hoytkesterson@earthlink.net>
Subject: RE: Removing expired certificates from CRLs.....
Date: Thu, 6 Sep 2001 10:46:37 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C136E2.BB501120"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C136E2.BB501120
Content-Type: text/plain
Denis, sorry for the display problem - I cut and pasted the text
from the actual TC - next time I'll try to remember not to do that :-)
Actually, I'm second-guessing the value of the extension. I think it is
generally the case that good key management would have the signing key
rolled over long before the expiry date of the verification certificate so
hopefully the chances of a signature being applied "just" before a
certificate
expired would be slim/none. If that is true, then original validation would
be happening before the certificate expired. If the RP needs to be able to
argue
that the signature was good at that time, it shouldn't be relying on a
future
CRL at the time they need to do that defence because there may not be one
available, regardless of whether it contains this extension or not (CAs go
out
of business, their policy of CRL issuance may have changed etc). If the RP
needs
to be able to defend the validation, it would need to retain the evidence
from
the time of original validation, including a timestamped copy of the signed
document,
CRL that was valid at the time of verification etc.
Sharon
> -----Original Message-----
> From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> Sent: Thursday, September 06, 2001 10:12 AM
> To: Sharon Boeyen
> Cc: 'David A. Cooper'; IETF-PKIX; Hoyt Kesterson (E-mail)
> Subject: Re: Removing expired certificates from CRLs.....
>
>
>
> Hi Sharon,
>
> Glad to see back on the PKIX mailing list for a short while. :-)
>
> > David I do remember some discussion of a new extension but
> > don't recall the reason why it wasn't pursued - do you remember?
>
> > With the 509 meeting coming up in just a couple of weeks,
> > if we reach consensus that it would be useful to add either
> > a new extension or a new component to the IDP extension to indicate
> > that a CRL includes revocation notices for expired certs,
> > we could probably add it to the 509 WD at that meeting.
>
> At this time it is more an X.509 discussion, rather than a
> PKIX discussion.
> Anyway, I would support in principle the idea for X.509.
>
> The information could be placed either in the certificate or
> in the CRL.
> Placing it in the CRL has the advantage of not overloading
> the certificate,
> so this solution should be better. So, if the information is
> placed in the
> CRL, then the CRL should say something like: certificates
> which have the
> keyUsage bits set to XXXX are maintained on the CRL Y weeks after they
> expire.
>
> One of the main benefits is the following: you receive an
> e-mail while on
> holidays. The signature was done just before the certificate
> expired, but
> the e-amil was opened after it expired. With this additional
> feature it
> would be possible to know by fetching the current CRL whether
> the e-mail was
> signed legitimately.
>
> > I believe there is value in allowing expired certs to remain
> > on CRLs, but certainly it should be an optional feature as
> > it is not needed in all environments.
>
> True.
>
> Regards,
>
> Denis
>
> > Cheers,
> > Sharon
>
>
> BTW: my Netscape 4.7 browser is unable to display your
> message correctly.
> Next time, please use plaintext.
>
------_=_NextPart_001_01C136E2.BB501120
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=US-ASCII">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2652.35">
<TITLE>RE: Removing expired certificates from CRLs.....</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>Denis, sorry for the display problem - I cut and pasted the text </FONT>
<BR><FONT SIZE=2>from the actual TC - next time I'll try to remember not to do that :-)</FONT>
</P>
<P><FONT SIZE=2>Actually, I'm second-guessing the value of the extension. I think it is </FONT>
<BR><FONT SIZE=2>generally the case that good key management would have the signing key </FONT>
<BR><FONT SIZE=2>rolled over long before the expiry date of the verification certificate so </FONT>
<BR><FONT SIZE=2>hopefully the chances of a signature being applied "just" before a certificate</FONT>
<BR><FONT SIZE=2>expired would be slim/none. If that is true, then original validation would </FONT>
<BR><FONT SIZE=2>be happening before the certificate expired. If the RP needs to be able to argue </FONT>
<BR><FONT SIZE=2>that the signature was good at that time, it shouldn't be relying on a future </FONT>
<BR><FONT SIZE=2>CRL at the time they need to do that defence because there may not be one </FONT>
<BR><FONT SIZE=2>available, regardless of whether it contains this extension or not (CAs go out </FONT>
<BR><FONT SIZE=2>of business, their policy of CRL issuance may have changed etc). If the RP needs </FONT>
<BR><FONT SIZE=2>to be able to defend the validation, it would need to retain the evidence from </FONT>
<BR><FONT SIZE=2>the time of original validation, including a timestamped copy of the signed document,</FONT>
<BR><FONT SIZE=2>CRL that was valid at the time of verification etc.</FONT>
</P>
<P><FONT SIZE=2>Sharon</FONT>
</P>
<P><FONT SIZE=2>> -----Original Message-----</FONT>
<BR><FONT SIZE=2>> From: Denis Pinkas [<A HREF="mailto:Denis.Pinkas@bull.net">mailto:Denis.Pinkas@bull.net</A>]</FONT>
<BR><FONT SIZE=2>> Sent: Thursday, September 06, 2001 10:12 AM</FONT>
<BR><FONT SIZE=2>> To: Sharon Boeyen</FONT>
<BR><FONT SIZE=2>> Cc: 'David A. Cooper'; IETF-PKIX; Hoyt Kesterson (E-mail)</FONT>
<BR><FONT SIZE=2>> Subject: Re: Removing expired certificates from CRLs.....</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> Hi Sharon,</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> Glad to see back on the PKIX mailing list for a short while. :-)</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> > David I do remember some discussion of a new extension but </FONT>
<BR><FONT SIZE=2>> > don't recall the reason why it wasn't pursued - do you remember? </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> > With the 509 meeting coming up in just a couple of weeks, </FONT>
<BR><FONT SIZE=2>> > if we reach consensus that it would be useful to add either </FONT>
<BR><FONT SIZE=2>> > a new extension or a new component to the IDP extension to indicate </FONT>
<BR><FONT SIZE=2>> > that a CRL includes revocation notices for expired certs, </FONT>
<BR><FONT SIZE=2>> > we could probably add it to the 509 WD at that meeting. </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> At this time it is more an X.509 discussion, rather than a </FONT>
<BR><FONT SIZE=2>> PKIX discussion.</FONT>
<BR><FONT SIZE=2>> Anyway, I would support in principle the idea for X.509. </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> The information could be placed either in the certificate or </FONT>
<BR><FONT SIZE=2>> in the CRL.</FONT>
<BR><FONT SIZE=2>> Placing it in the CRL has the advantage of not overloading </FONT>
<BR><FONT SIZE=2>> the certificate,</FONT>
<BR><FONT SIZE=2>> so this solution should be better. So, if the information is </FONT>
<BR><FONT SIZE=2>> placed in the</FONT>
<BR><FONT SIZE=2>> CRL, then the CRL should say something like: certificates </FONT>
<BR><FONT SIZE=2>> which have the </FONT>
<BR><FONT SIZE=2>> keyUsage bits set to XXXX are maintained on the CRL Y weeks after they</FONT>
<BR><FONT SIZE=2>> expire.</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> One of the main benefits is the following: you receive an </FONT>
<BR><FONT SIZE=2>> e-mail while on</FONT>
<BR><FONT SIZE=2>> holidays. The signature was done just before the certificate </FONT>
<BR><FONT SIZE=2>> expired, but</FONT>
<BR><FONT SIZE=2>> the e-amil was opened after it expired. With this additional </FONT>
<BR><FONT SIZE=2>> feature it</FONT>
<BR><FONT SIZE=2>> would be possible to know by fetching the current CRL whether </FONT>
<BR><FONT SIZE=2>> the e-mail was</FONT>
<BR><FONT SIZE=2>> signed legitimately.</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> > I believe there is value in allowing expired certs to remain </FONT>
<BR><FONT SIZE=2>> > on CRLs, but certainly it should be an optional feature as </FONT>
<BR><FONT SIZE=2>> > it is not needed in all environments.</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> True.</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> Regards,</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> Denis </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> > Cheers,</FONT>
<BR><FONT SIZE=2>> > Sharon</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> BTW: my Netscape 4.7 browser is unable to display your </FONT>
<BR><FONT SIZE=2>> message correctly.</FONT>
<BR><FONT SIZE=2>> Next time, please use plaintext.</FONT>
<BR><FONT SIZE=2>> </FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C136E2.BB501120--
Received: by above.proper.com (8.11.6/8.11.3) id f86EVxF29767 for ietf-pkix-bks; Thu, 6 Sep 2001 07:31:59 -0700 (PDT)
Received: from patan.sun.com (patan.Sun.COM [192.18.98.43]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f86EVvD29760 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 07:31:57 -0700 (PDT)
Received: from sunlabs.East.Sun.COM ([129.148.75.250]) by patan.sun.com (8.9.3+Sun/8.9.3) with ESMTP id IAA22802; Thu, 6 Sep 2001 08:31:56 -0600 (MDT)
Received: from sun.com (dhcp75-167 [129.148.75.167]) by sunlabs.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id KAA03465; Thu, 6 Sep 2001 10:31:56 -0400 (EDT)
Message-ID: <3B9788C7.BA9F6DB0@sun.com>
Date: Thu, 06 Sep 2001 10:31:35 -0400
From: Steve Hanna <steve.hanna@sun.com>
Organization: Sun Microsystems, Inc.
X-Mailer: Mozilla 4.75 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "Manger, James H" <James.H.Manger@team.telstra.com>
CC: "PKIX (E-mail)" <ietf-pkix@imc.org>
Subject: Re: Logos: objection to charter revisions
References: <73388857A695D31197EF00508B08F29802D2588E@ntmsg0131.corpmail.telstra.com.au>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
"Manger, James H" wrote:
> You says "nobody has been able to come up with any way to fix [the
> current logo proposal]" and conclude "that it can't be fixed".
> .. but you provide fixes earlier in the same e-mail!
That will teach me to offer constructive suggestions! ;-)
> Your statement that logos should be "ignored unless all certificates in the
> path indicate that they should be supported" is just the sort of "logo
> constraint" that enables safe use of logos.
I still wouldn't call this "safe". There are other concerns that haven't
have been addressed (problems with scaling or color mapping,
accessibility concerns, etc.). But at least a "logo constraint" (or,
more accurately, a "logo enabler") would restrict use of logos to
communities that have considered these concerns and decided that they
are acceptable.
-Steve
Received: by above.proper.com (8.11.6/8.11.3) id f86EQGK29133 for ietf-pkix-bks; Thu, 6 Sep 2001 07:26:16 -0700 (PDT)
Received: from bigbird.gradient.com (bigbird.gradient.com [192.92.110.50]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f86EQFD29129 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 07:26:15 -0700 (PDT)
Received: by bigbird.gradient.com with Internet Mail Service (5.5.2650.10) id <SALVYX5X>; Thu, 6 Sep 2001 10:28:30 -0400
Message-ID: <899128A30EEDD1118FC900A0C9C74A3401033C6E@bigbird.gradient.com>
From: Hal Lockhart <hal.lockhart@entegrity.com>
To: "'Bland, Graham'" <Graham.Bland@open-talk.co.uk>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>
Subject: RE: Charter Revisions, Logotype Business models
Date: Thu, 6 Sep 2001 10:28:24 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.10)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
> CA Logo
> End Entity requests a certificate with or without a logotype
> included in the
> cert request as above. In this case the CA wishes to place a
> logo in the
> issued cert to indicate something; for example this is a Visa
> Cert. I do
> not see the logo reference being requested by the end entity
> in this case,
> more of it being inserted by the CA. this is the primary
> trust mechanism
> (this cert was issued by Visa) not this cert belongs to Visa.
Funny you should mention this case. It is my understanding that in many
cases today, the plastic credit card is legally the property of the issuer.
(typically the bank, but sometimes the card company) Among other things,
this makes it easier for them to demand its return under any conditions they
choose.
The PKI-related aspect of this is that some card issuers intend to issue (or
may already have issued) smartcards with secrets intented to be inaccessable
to the consumer.
Hal
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f86EM8b29014 for ietf-pkix-bks; Thu, 6 Sep 2001 07:22:08 -0700 (PDT)
Received: from tholian.securitydynamics.com (mail.rsasecurity.com [204.167.112.129]) by above.proper.com (8.11.6/8.11.3) with SMTP id f86EM5D29010 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 07:22:05 -0700 (PDT)
Received: from sdtihq24.securid.com by tholian.securitydynamics.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 6 Sep 2001 14:19:31 UT
Received: from spirit.dynas.se (ebola.securid.com [192.168.7.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with SMTP id KAA17022 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 10:18:29 -0400 (EDT)
Received: (qmail 14219 invoked from network); 6 Sep 2001 14:18:28 -0000
Received: from mnystrom-lap.d.dynas.se (HELO mnystrom-lap) (172.16.13.167) by spirit.dynas.se with SMTP; 6 Sep 2001 14:18:28 -0000
Date: Thu, 6 Sep 2001 16:19:28 +0200 (W. Europe Daylight Time)
From: Magnus Nystrom <magnus@rsasecurity.com>
Reply-To: =?iso-8859-1?Q?Magnus_Nystr=F6m?= <magnus@dynas.se>
To: <ietf-pkix@imc.org>
cc: "Richards, Gareth" <GRichards@rsasecurity.com>
Subject: Polling in CMP
Message-ID: <Pine.WNT.4.31.0109061610040.1220-100000@mnystrom-lap>
X-X-Sender: magnus@spirit.dynas.se
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
All,
Going back to a topic discussed earlier this year, and after
discussions with various individuals at the recent IETF in London, we
would like to propose the attached simple extension to CMP to handle
polling. The reason for this proposal is as stated previously - we
feel that a protocol which specifies a "wait - come back later"
server status also should specify how a client should poll the server,
rather than deferring this to transport protocols.
Assume that the CMP enrollment is taking place in a browser script and
the browser may be terminated before the polling is complete. Then a
way of saving state and continuing the polling at a later date is
needed. If the polling is done in CMP then this is possible by
reissuing the request or whatever but if it is done by the transport
layer then it does not seem clear how this is going to be done.
Thanks to Amit Kapoor for the original proposal regarding these
messages.
BR,
-- Magnus
Magnus Nystrom
RSA Security
--------------------------------------------------------------------------
pollReq [25] PollReqContent
pollRep [26] PollRepContent
PollRepContent ::= SEQUENCE OF SEQUENCE {
certReqId INTEGER,
checkAfter INTEGER, -- time in seconds
reason [0] PKIFreeText OPTIONAL
}
PollReqContent ::= SEQUENCE OF SEQUENCE {
certReqId INTEGER
}
1. It is assumed that multiple certConf messages can be sent during
the transaction. There will be one sent in response to each ip, cp or kup
containing a CertStatus for each approved certificate. If a
single certConf must be sent for the transaction then it is possible that the
confirmWaitTime (rfc2510bis section 3.1.1.2) of the first certificate will have
expired before the second cert pickup has take place.
2. In response to an ip, cp or kup message, an EE will send a certConf for all
approved certificates and following the ack, a pollReq for all pending certificates.
2. In respose to a pollReq, a CA/RA will return a ip, cp or kup if one or more
of the pending certificates is ready otherwise it will return a pollRep.
3. If the EE receives a pollRep in return, it will wait for at least the lowest
checkAfter value before sending another pollReq.
4. If an ip, cp or kup is received in reply to a pollReq then it will be treated in
the same way as the initial response.
Start
|
|
\/
Send ir
|
| ip
|
\/
Check status
of of returned <----------------------------------|
certs. |
| |
|----------------------------->|<-----------------------| |
| | | |
| \/ | |
approved waiting |
Add to conf list <---------- Check CertResponse --------> Add to pending list |
/\ |
conf list / \Empty conf list |
/ \ ip |
/ \ --------------------------------|
Empty pending / \ |
list / \ | pRep
End <--------- Send certConf Send pReq-------------- Wait
| /\ /\ |
| | | |
------------------- -------------------
Pending list Wait
In the following exchange, the end entity is enroling for two certificates in one request.
Step End Entity PKI
-------------------------------------------------------------------
1 Format ir
2 -> ir ->
3 Handle ir
4 Manual intervention is
required for both certs.
5 <- ip <-
6 Process ip
7 Format pReq
8 -> pReq ->
9 Check status of certificate requests
10 Certificates not ready
11 Format pRep
12 <- pRep <-
13 Wait
14 Format pReq
15 -> pReq ->
16 Check status of certificate requests
17 One certificate is ready
18 Format ip
19 <- ip <-
20 Handle ip
21 Format certConf
22 -> certConf ->
23 Handle certConf
24 Format ack
25 <- pkiConf <-
26 Format pReq
27 -> pReq ->
28 Check status of certificate
29 Certificate is ready
30 Format ip
31 <- ip <-
31 Handle ip
32 Format certConf
33 -> certConf ->
34 Handle certConf
35 Format ack
36 <- pkiConf <-
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f86ECOc28582 for ietf-pkix-bks; Thu, 6 Sep 2001 07:12:24 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f86ECMD28571 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 07:12:22 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id QAA23248; Thu, 6 Sep 2001 16:14:19 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id QAA04586; Thu, 6 Sep 2001 16:11:43 +0200
Message-ID: <3B978422.493FED34@bull.net>
Date: Thu, 06 Sep 2001 16:11:46 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: Sharon Boeyen <sharon.boeyen@entrust.com>
CC: "'David A. Cooper'" <david.cooper@nist.gov>, IETF-PKIX <ietf-pkix@imc.org>, "Hoyt Kesterson (E-mail)" <hoytkesterson@earthlink.net>
Subject: Re: Removing expired certificates from CRLs.....
References: <9A4F653B0A375841AC75A8D17712B9C9B27320@sottmxs04.entrust.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Hi Sharon,
Glad to see back on the PKIX mailing list for a short while. :-)
> David I do remember some discussion of a new extension but
> don't recall the reason why it wasn't pursued - do you remember?
> With the 509 meeting coming up in just a couple of weeks,
> if we reach consensus that it would be useful to add either
> a new extension or a new component to the IDP extension to indicate
> that a CRL includes revocation notices for expired certs,
> we could probably add it to the 509 WD at that meeting.
At this time it is more an X.509 discussion, rather than a PKIX discussion.
Anyway, I would support in principle the idea for X.509.
The information could be placed either in the certificate or in the CRL.
Placing it in the CRL has the advantage of not overloading the certificate,
so this solution should be better. So, if the information is placed in the
CRL, then the CRL should say something like: certificates which have the
keyUsage bits set to XXXX are maintained on the CRL Y weeks after they
expire.
One of the main benefits is the following: you receive an e-mail while on
holidays. The signature was done just before the certificate expired, but
the e-amil was opened after it expired. With this additional feature it
would be possible to know by fetching the current CRL whether the e-mail was
signed legitimately.
> I believe there is value in allowing expired certs to remain
> on CRLs, but certainly it should be an optional feature as
> it is not needed in all environments.
True.
Regards,
Denis
> Cheers,
> Sharon
BTW: my Netscape 4.7 browser is unable to display your message correctly.
Next time, please use plaintext.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f86DfnV27540 for ietf-pkix-bks; Thu, 6 Sep 2001 06:41:49 -0700 (PDT)
Received: from SOTTMXS01.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f86DfjD27536 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 06:41:46 -0700 (PDT)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2650.21) id <SM1TAMTG>; Thu, 6 Sep 2001 09:41:40 -0400
Message-ID: <9A4F653B0A375841AC75A8D17712B9C9B27320@sottmxs04.entrust.com>
From: Sharon Boeyen <sharon.boeyen@entrust.com>
To: "'Ryan Hurst'" <ryanh@valicert.com>, "'David A. Cooper'" <david.cooper@nist.gov>, IETF-PKIX <ietf-pkix@imc.org>
Cc: "Hoyt Kesterson (E-mail)" <hoytkesterson@earthlink.net>
Subject: RE: Removing expired certificates from CRLs.....
Date: Thu, 6 Sep 2001 09:41:38 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C136D9.A750D460"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C136D9.A750D460
Content-Type: text/plain
David I do remember some discussion of a new extension but don't recall the
reason why it wasn't pursued - do you remember?
With the 509 meeting coming up in just a couple of weeks, if we reach
consensus that it would be useful to add either a new extension or a new
component to the IDP extension to indicate that a CRL includes revocation
notices for expired certs, we could probably add it to the 509 WD at that
meeting.
I believe there is value in allowing expired certs to remain on CRLs, but
certainly it should be an optional feature as it is not needed in all
environments.
Cheers,
Sharon
-----Original Message-----
From: Ryan Hurst [mailto:ryanh@valicert.com]
Sent: Thursday, September 06, 2001 1:16 AM
To: 'David A. Cooper'; IETF-PKIX
Subject: RE: Removing expired certificates from CRLs.....
David -
Although my confusion on this issue has been cleared up (note to
self; always verify your sources) now; this brings up a very interesting
point. I and others I have spoken with believe that the addition of such an
extension (one that states that the CRL contains ALL revocation entries both
current and expired) would be very valuable.
Consider this problem, today I receive a digitally signed and time stamped
document (a contract possibly), this document was signed by a certificate
issued off of any number of commercial CA's that exist today. 10 years later
the document is in question and I need to establish that the certificate
associated with the signature on the document was valid at the time it was
signed; there are several significant possibilities here:
1. CA in question has CRLNumber extension in all of their CRLs and they
are all available
2. CA in question does not have the CRLNumber in all CRLS or just a
subset
Now in #1 the problem is relatively easy, I find all CRLs that were valid
during my window and of those I pick the one that has the highest CRLnumber.
An extension like this would be "use-full" in this case but not necessary.
In #2 the problem gets, well unsolvable; Since there are no ways to
determine if I have all of the CRLs that are within my window (remember
validity windows on CRLs can overlap so the ones within the overlapped
window that state the certificate is revoked could be "lost") I will never
now if the certificate was valid at the time in question. Now if the CRLs
that were generated contained all entries and were marked as such with an
extension I would have a mechanism to solve this problem; simply get the
most recent CRL.
Ryan
-----Original Message-----
From: David A. Cooper [mailto:david.cooper@nist.gov]
Sent: Wednesday, September 05, 2001 7:39 AM
To: IETF-PKIX
Subject: Re: Removing expired certificates from CRLs.....
At 03:53 PM 9/5/01 +0200, Nada Kapidzic Cicovic wrote:
Denis,
I was making comments on the text which Ryan extracted in his mail, assuming
that they were from the son-of-RFC2459.
In particular the last sentence in this paragraph:
The distributionPoint component contains the name of the distribution point
in one or more name forms. If this field is absent, the CRL shall contain
entries for all revoked certificates issued by the CRL issuer. After a
certificate appears on a CRL, it is deleted from a subsequent CRL after the
certificate's expiry.
However, after getting your comment I realized that this sentence and the
referred section 8.6.2.2 comes from the X.509 (the latest version that I
have on my disk is X_509_4thEditionDraftV6, and it contains the above text).
I have X_509_4thEditionDraftV8 on my computer and it appears that this has
been fixed. I now says "After a certificate appears on a CRL, it may be
deleted from a subsequent CRL after the certificate's expiry." I didn't
bother to look at son-of-2459.
In any case, both X.509 and son-of-2459 should say that a certificate may be
deleted from a CRL after it has expired. In general, though, I don't think
there is much benefit to leaving expired certificates on CRLs. The problem
is that, at the moment, if an expired certificate is not listed on a CRL,
there is no way to determine whether it is not listed because it was never
revoked or if it was revoked but is not listed because it was removed after
expiration.
Some time ago, there was a suggestion to create a new, non-critical CRL
extension that would specify whether an expired certificate was covered by a
CRL (e.g., the extension could state: "This CRL includes all revoked
certificates that expire(d) after Jan. 1, 2001 (i.e., notAfter >=
010101000000Z)."). There didn't seem to be much support for this idea, so
the extension was never created.
The current text of the son-of-RFC2459 does not seem to contain it or any
other misleading sentences regarding this issue.
Sorry for the confusion.
Nada
------_=_NextPart_001_01C136D9.A750D460
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns=3D"http://www.w3.org/TR/REC-html40" xmlns:o =3D=20
"urn:schemas-microsoft-com:office:office" xmlns:w =3D=20
"urn:schemas-microsoft-com:office:word" xmlns:st1 =3D=20
"urn:schemas-microsoft-com:office:smarttags"><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<META content=3DWord.Document name=3DProgId>
<META content=3D"MSHTML 5.50.4522.1800" name=3DGENERATOR>
<META content=3D"Microsoft Word 10" name=3DOriginator><LINK=20
href=3D"cid:filelist.xml@01C13659.21A03020" =
rel=3DFile-List><o:SmartTagType=20
name=3D"time"=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"></o:SmartTag=
Type><o:SmartTagType=20
name=3D"date"=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"></o:SmartTag=
Type><!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:GrammarState>Clean</w:GrammarState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:Compatibility>
<w:UseFELayout/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if !mso]>
<STYLE>st1\:* {
BEHAVIOR: url(#default#ieooui)
}
</STYLE>
<![endif]-->
<STYLE>@font-face {
font-family: SimSun;
}
@font-face {
font-family: Tahoma;
}
@font-face {
font-family: \@SimSun;
}
@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; =
mso-header-margin: .5in; mso-footer-margin: .5in; mso-paper-source: 0; =
}
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; =
mso-style-parent: ""; mso-pagination: widow-orphan; =
mso-fareast-font-family: SimSun
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; =
mso-style-parent: ""; mso-pagination: widow-orphan; =
mso-fareast-font-family: SimSun
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; =
mso-style-parent: ""; mso-pagination: widow-orphan; =
mso-fareast-font-family: SimSun
}
A:link {
COLOR: blue; TEXT-DECORATION: underline; text-underline: single
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline; text-underline: single
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline; text-underline: single
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline; text-underline: single
}
SPAN.EmailStyle17 {
COLOR: navy; FONT-FAMILY: Arial; mso-style-type: personal-reply; =
mso-style-noshow: yes; mso-ansi-font-size: 10.0pt; mso-bidi-font-size: =
10.0pt; mso-ascii-font-family: Arial; mso-hansi-font-family: Arial; =
mso-bidi-font-family: Arial
}
SPAN.SpellE {
mso-style-name: ""; mso-spl-e: yes
}
SPAN.GramE {
mso-style-name: ""; mso-gram-e: yes
}
DIV.Section1 {
page: Section1
}
OL {
MARGIN-BOTTOM: 0in
}
UL {
MARGIN-BOTTOM: 0in
}
</STYLE>
<!--[if gte mso 10]>
<style>
/* Style Definitions */=20
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]--></HEAD>
<BODY lang=3DEN-US style=3D"tab-interval: .5in" vLink=3Dpurple =
link=3Dblue>
<DIV><SPAN class=3D418303813-06092001><FONT face=3DArial =
color=3D#0000ff size=3D2>David=20
I do remember some discussion of a new extension but don't recall the =
reason why=20
it wasn't pursued - do you remember? </FONT></SPAN></DIV>
<DIV><SPAN class=3D418303813-06092001><FONT face=3DArial =
color=3D#0000ff=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D418303813-06092001><FONT face=3DArial =
color=3D#0000ff size=3D2>With=20
the 509 meeting coming up in just a couple of weeks, if we reach =
consensus that=20
it would be useful to add either a new extension or a new component to =
the IDP=20
extension to indicate that a CRL includes revocation notices for =
expired certs,=20
we could probably add it to the 509 WD at that meeting. =
</FONT></SPAN></DIV>
<DIV><SPAN class=3D418303813-06092001><FONT face=3DArial =
color=3D#0000ff=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D418303813-06092001><FONT face=3DArial =
color=3D#0000ff size=3D2>I=20
believe there is value in allowing expired certs to remain on CRLs, but =
certainly it should be an optional feature as it is not needed in all=20
environments.</FONT></SPAN></DIV>
<DIV><SPAN class=3D418303813-06092001><FONT face=3DArial =
color=3D#0000ff=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D418303813-06092001><FONT face=3DArial =
color=3D#0000ff=20
size=3D2>Cheers,</FONT></SPAN></DIV>
<DIV><SPAN class=3D418303813-06092001><FONT face=3DArial =
color=3D#0000ff=20
size=3D2>Sharon</FONT></SPAN></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px =
solid; MARGIN-RIGHT: 0px">
<DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
size=3D2>-----Original Message-----<BR><B>From:</B> Ryan Hurst=20
[mailto:ryanh@valicert.com]<BR><B>Sent:</B> Thursday, September 06, =
2001 1:16=20
AM<BR><B>To:</B> 'David A. Cooper'; IETF-PKIX<BR><B>Subject:</B> RE: =
Removing=20
expired certificates from CRLs.....<BR><BR></FONT></DIV>
<DIV class=3DSection1>
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">David=20
-<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><SPAN=20
style=3D"mso-tab-count: =
1"> =20
</SPAN>Although my confusion on this issue has been cleared up (note =
to self;=20
always verify your sources) now; this brings up a very interesting =
point. I=20
and others I have spoken with believe that the addition of such an =
extension=20
(one that states that the CRL contains ALL revocation entries both =
current and=20
expired) would be very valuable. <o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Consider =
this=20
problem, today I receive a digitally signed and time stamped document =
(a=20
contract possibly), this document was signed by a certificate issued =
off of=20
any number of commercial CA's that exist today. 10 years later the =
document is=20
in question and I need to establish that the certificate associated =
with the=20
signature on the document was valid at the time it was signed; there =
are=20
several significant possibilities here:<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<OL style=3D"mso-margin-top-alt: 0in" type=3D1>
<LI class=3DMsoNormal=20
style=3D"COLOR: navy; mso-list: l0 level1 lfo1; tab-stops: list =
.5in"><FONT=20
face=3DArial color=3Dnavy size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">CA in question has =
<SPAN=20
class=3DSpellE>CRLNumber</SPAN> extension in all of their <SPAN=20
class=3DSpellE>CRLs</SPAN> and they are all =
available<o:p></o:p></SPAN></FONT>=20
<LI class=3DMsoNormal=20
style=3D"COLOR: navy; mso-list: l0 level1 lfo1; tab-stops: list =
.5in"><FONT=20
face=3DArial color=3Dnavy size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">CA in question does =
not have the=20
<SPAN class=3DSpellE>CRLNumber</SPAN> in all CRLS or just a=20
subset<o:p></o:p></SPAN></FONT> </LI></OL>
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Now in #1 =
the problem=20
is relatively easy, I find all <SPAN class=3DSpellE>CRLs</SPAN> that =
were valid=20
during my window and of those I pick the one that has the highest =
<SPAN=20
class=3DSpellE>CRLnumber</SPAN>. An extension like this would be =
"use-full" in=20
this case but not necessary.<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">In #2 the =
problem=20
gets, well unsolvable; Since there are no ways to determine if I have =
all of=20
the <SPAN class=3DSpellE>CRLs</SPAN> that are within my window =
(remember=20
validity windows on <SPAN class=3DSpellE>CRLs</SPAN> can overlap so =
the ones=20
within the overlapped window that state the certificate is revoked =
could be=20
"lost") I will never now if the certificate was valid at the time in =
question.=20
Now if the <SPAN class=3DSpellE>CRLs</SPAN> that were generated =
contained all=20
entries and were marked as such with an extension I would have a =
mechanism to=20
solve this problem; simply get the most recent=20
CRL.<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial">Ryan<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal style=3D"MARGIN-LEFT: 0.5in"><FONT face=3DTahoma =
size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">-----Original=20
Message-----<BR><B><SPAN style=3D"FONT-WEIGHT: bold">From:</SPAN></B> =
David A.=20
Cooper [mailto:david.cooper@nist.gov] <BR><B><SPAN=20
style=3D"FONT-WEIGHT: bold">Sent:</SPAN></B> </SPAN></FONT><st1:date =
Year=3D"2001"=20
Day=3D"5" Month=3D"9"><FONT face=3DTahoma size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">Wednesday, September =
05,=20
2001</SPAN></FONT></st1:date><FONT face=3DTahoma size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"> =
</SPAN></FONT><st1:time=20
Minute=3D"39" Hour=3D"7"><FONT face=3DTahoma size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">7:39=20
AM</SPAN></FONT></st1:time><FONT face=3DTahoma size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"><BR><B><SPAN=20
style=3D"FONT-WEIGHT: bold">To:</SPAN></B> IETF-PKIX<BR><B><SPAN=20
style=3D"FONT-WEIGHT: bold">Subject:</SPAN></B> Re: Removing expired=20
certificates from CRLs.....</SPAN></FONT></P>
<P class=3DMsoNormal style=3D"MARGIN-LEFT: 0.5in"><FONT face=3D"Times =
New Roman"=20
size=3D3><SPAN style=3D"FONT-SIZE: =
12pt"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal style=3D"MARGIN-LEFT: 0.5in"><FONT face=3D"Times =
New Roman"=20
size=3D3><SPAN style=3D"FONT-SIZE: 12pt">At </SPAN></FONT><st1:time =
Minute=3D"53"=20
Hour=3D"15">03:53 PM</st1:time> <st1:date Year=3D"2001" Day=3D"5"=20
Month=3D"9">9/5/01</st1:date> +0200, Nada Kapidzic Cicovic wrote:<BR=20
style=3D"mso-special-character: line-break"><![if =
!supportLineBreakNewLine]><BR=20
style=3D"mso-special-character: line-break"><![endif]><o:p></o:p></P>
<P class=3DMsoNormal style=3D"MARGIN-LEFT: 0.5in"><FONT face=3D"Times =
New Roman"=20
size=3D3><SPAN style=3D"FONT-SIZE: 12pt">Denis,<BR><BR>I was making =
comments on=20
the text which Ryan extracted in his mail, assuming that they were =
from the=20
son-of-RFC2459.<BR><BR>In particular the last sentence in this=20
paragraph:<BR><BR>The </SPAN></FONT><B><FONT size=3D2><SPAN=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 10pt">distributionPoint=20
</SPAN></FONT></B>component contains the name of the distribution =
point in one=20
or more name forms. If this field is absent, the CRL shall contain =
entries for=20
all revoked certificates issued by the CRL issuer. <B><I><SPAN=20
style=3D"FONT-WEIGHT: bold; FONT-STYLE: italic">After a certificate =
appears on a=20
CRL, it is deleted from a subsequent CRL after the certificate's=20
expiry.<BR><BR></SPAN></I></B>However, after getting your comment I =
realized=20
that this sentence and the referred section 8.6.2.2 comes from the =
X.509 (the=20
latest version that I have on my disk is X_509_4thEditionDraftV6, and =
it=20
contains the above text). <o:p></o:p></P>
<P class=3DMsoNormal style=3D"MARGIN-LEFT: 0.5in"><FONT face=3D"Times =
New Roman"=20
size=3D3><SPAN style=3D"FONT-SIZE: 12pt"><BR>I have =
X_509_4thEditionDraftV8 on my=20
computer and it appears that this has been fixed. I now says "After a =
certificate appears on a CRL, it <B><SPAN style=3D"FONT-WEIGHT: =
bold">may=20
be</SPAN></B> deleted from a subsequent CRL after the certificate's=20
expiry." I didn't bother to look at son-of-2459.<BR><BR>In any =
case,=20
both X.509 and son-of-2459 should say that a certificate may be =
deleted from a=20
CRL after it has expired. In general, though, I don't think =
there is=20
much benefit to leaving expired certificates on CRLs. The =
problem is=20
that, at the moment, if an expired certificate is not listed on a =
CRL, there=20
is no way to determine whether it is not listed because it was never =
revoked=20
or if it was revoked but is not listed because it was removed after=20
expiration.<BR><BR>Some time ago, there was a suggestion to create a =
new,=20
non-critical CRL extension that would specify whether an expired =
certificate=20
was covered by a CRL (e.g., the extension could state: "This CRL =
includes all=20
revoked certificates that expire(d) after </SPAN></FONT><st1:date =
Year=3D"2001"=20
Day=3D"1" Month=3D"1">Jan. 1, 2001</st1:date> (i.e., notAfter >=3D =
010101000000Z)."). There didn't seem to be much support for this =
idea, so the=20
extension was never created.<BR><BR style=3D"mso-special-character: =
line-break"><![if !supportLineBreakNewLine]><BR=20
style=3D"mso-special-character: line-break"><![endif]><o:p></o:p></P>
<P class=3DMsoNormal style=3D"MARGIN-LEFT: 0.5in"><FONT face=3D"Times =
New Roman"=20
size=3D3><SPAN style=3D"FONT-SIZE: 12pt">The current text of the =
son-of-RFC2459=20
does not seem to contain it or any other misleading sentences =
regarding this=20
issue. <BR><BR>Sorry for the=20
confusion.<BR><BR>Nada<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal style=3D"MARGIN-LEFT: 0.5in"><FONT face=3D"Times =
New Roman"=20
size=3D3><SPAN=20
style=3D"FONT-SIZE: =
12pt"><o:p> </o:p></SPAN></FONT></P></DIV></BLOCKQUOTE></BODY></HTM=
L>
------_=_NextPart_001_01C136D9.A750D460--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f86DOsp26434 for ietf-pkix-bks; Thu, 6 Sep 2001 06:24:54 -0700 (PDT)
Received: from SOTTMXS01.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f86DOoD26428 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 06:24:50 -0700 (PDT)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2650.21) id <SM1TAML2>; Thu, 6 Sep 2001 09:24:44 -0400
Message-ID: <9A4F653B0A375841AC75A8D17712B9C9B2731F@sottmxs04.entrust.com>
From: Sharon Boeyen <sharon.boeyen@entrust.com>
To: "'IETF-PKIX'" <ietf-pkix@imc.org>
Subject: RE: Removing expired certificates from CRLs.....
Date: Thu, 6 Sep 2001 09:24:43 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C136D7.4A4096E0"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C136D7.4A4096E0
Content-Type: text/plain;
charset="iso-8859-1"
There was a problem with my initial attempt to send this to the list, so I
am resending it.
Sharon
-----Original Message-----
From: Sharon Boeyen
Sent: Wednesday, September 05, 2001 1:36 PM
To: 'Flynn, Michael'; 'Ryan Hurst'; IETF-PKIX
Subject: RE: Removing expired certificates from CRLs.....
I suspect some of the PKIX text was never updated to reflect the successful
ballot on the X.509 defect report that fixed this in the base X.509 text.
The approved TC for the defect (DR 204) corrected this problem by making the
following changes to X.509 (97).
Clause 12.6.3.1
In the first sentence following the ASN.1, delete "unexpired"
Add the following as a new second sentence in the first paragraph following
the ASN.1
"After a certificate appears on a CRL, it may be deleted from a subsequent
CRL after the certificate's expiry."
Cheers,
Sharon
-----Original Message-----
From: Flynn, Michael [mailto:MFlynn@verisign.com]
Sent: Wednesday, September 05, 2001 1:03 PM
To: 'Ryan Hurst'; IETF-PKIX
Subject: RE: Removing expired certificates from CRLs.....
Ryan,
Ryan wrote::
Now logically it makes sense to remove certificates that are expired from
CRLs to control size, yes this has a negative point specifically it prevents
CRLs from being used as a non-repudiation source; but this is mute due to
many other issues.
At least regarding removing expired certs from CRLs, I would think that
non-repudiation can be satisfied by keeping the old CRLs in back up storage
for some length of time. That time being how far back in time a contract
dispute might go; ten years, twenty? So long as you could get them off
tape for the lawyers to look at the legal process would be satisfied, they
don't need to be online forever.
Michael
-----Original Message-----
From: Ryan Hurst [mailto:ryanh@valicert.com]
Sent: Tuesday, September 04, 2001 8:50 PM
To: IETF-PKIX
Subject: Removing expired certificates from CRLs.....
I was speaking with Peter Williams today about the removal of expired
certificates from CRLs; I have always been under the belief that this
behavior was optional, I vaguely remembered reading text in 2459 along those
lines; additionally I know of several commercial CAs that do not remove the
expired certificates from their CRLs. Peter on the other hand was under the
impression that it was a mandate to remove CRLs; he too remembered reading
text in 2459 to support is position.
So we each pulled out the RFC and found that we were both right!
Specifically both sections 3.3 and 8.6.2.2 have text on this subject:
3.3 Revocation
When a certificate is issued, it is expected to be in use for its entire
validity period. However, various circumstances may cause a certificate to
become invalid prior to the expiration of the validity period.
....
An entry is added to the CRL as part of the next update following
notification of revocation. An entry may be removed from the CRL after
appearing on one regularly scheduled CRL issued beyond the revoked
certificate's validity period.
8.6.2.2 Issuing distribution point extension
This CRL extension field identifies the CRL distribution point for this
particular CRL, and indicates if the CRL is limited to revocations for
end-entity certificates only, for authority certificates only, or for a
limited set of reasons only. The CRL is signed by the CRL issuer's key- CRL
distribution points do not have their own key pairs. However, for a CRL
distributed via the Directory, the CRL is stored in the entry of the CRL
distribution point, which may not be the directory entry of the CRL issuer.
If this field is absent, the CRL shall contain entries for all revoked
unexpired certificates issued by the CRL issuer.
....
The distributionPoint component contains the name of the distribution point
in one or more name forms. If this field is absent, the CRL shall contain
entries for all revoked certificates issued by the CRL issuer. After a
certificate appears on a CRL, it is deleted from a subsequent CRL after the
certificate's expiry.
Although section 8.6.2.2 is specifically in regards to CRLdps, any
difference between full CRLs and CRLdps in this case I feel would be an
arbitrary one.
Now logically it makes sense to remove certificates that are expired from
CRLs to control size, yes this has a negative point specifically it prevents
CRLs from being used as a non-repudiation source; but this is mute due to
many other issues.
That being the case I think; and I believe Peter would agree the correct
thing to do is to remove these expired/revoked entries from the CRL.
The question now is what is the PKIX stance on this matter?
Ryan M. Hurst
ValiCert, Inc.
"It may roundly be asserted that human ingenuity cannot concoct a cipher
which human ingenuity cannot resolve."
-Edgar Allan Poe
------_=_NextPart_001_01C136D7.4A4096E0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns=3D"http://www.w3.org/TR/REC-html40" xmlns:o =3D=20
"urn:schemas-microsoft-com:office:office" xmlns:w =3D=20
"urn:schemas-microsoft-com:office:word" xmlns:st1 =3D=20
"urn:schemas-microsoft-com:office:smarttags"><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META content=3DWord.Document name=3DProgId>
<META content=3D"MSHTML 5.50.4522.1800" name=3DGENERATOR>
<META content=3D"Microsoft Word 10" name=3DOriginator><LINK=20
href=3D"cid:filelist.xml@01C13583.EFC4BB00" =
rel=3DFile-List><o:SmartTagType=20
name=3D"PersonName"=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"></o:SmartTag=
Type><!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:GrammarState>Clean</w:GrammarState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:UseFELayout/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if !mso]>
<STYLE>st1\:* {
BEHAVIOR: url(#default#ieooui)
}
</STYLE>
<![endif]-->
<STYLE>@font-face {
font-family: SimSun;
}
@font-face {
font-family: \@SimSun;
}
@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; =
mso-header-margin: .5in; mso-footer-margin: .5in; mso-paper-source: 0; =
}
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; =
mso-style-parent: ""; mso-pagination: widow-orphan; =
mso-fareast-font-family: SimSun
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; =
mso-style-parent: ""; mso-pagination: widow-orphan; =
mso-fareast-font-family: SimSun
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; =
mso-style-parent: ""; mso-pagination: widow-orphan; =
mso-fareast-font-family: SimSun
}
A:link {
COLOR: blue; TEXT-DECORATION: underline; text-underline: single
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline; text-underline: single
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline; text-underline: single
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline; text-underline: single
}
SPAN.EmailStyle17 {
COLOR: windowtext; FONT-FAMILY: Arial; mso-style-type: =
personal-compose; mso-style-noshow: yes; mso-ansi-font-size: 10.0pt; =
mso-bidi-font-size: 10.0pt; mso-ascii-font-family: Arial; =
mso-hansi-font-family: Arial; mso-bidi-font-family: Arial
}
SPAN.SpellE {
mso-style-name: ""; mso-spl-e: yes
}
SPAN.GramE {
mso-style-name: ""; mso-gram-e: yes
}
DIV.Section1 {
page: Section1
}
</STYLE>
<!--[if gte mso 10]>
<style>
/* Style Definitions */=20
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]--></HEAD>
<BODY lang=3DEN-US style=3D"tab-interval: .5in" vLink=3Dpurple =
link=3Dblue>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN =
class=3D347082413-06092001>There=20
was a problem with my initial attempt to send this to the list, so I am =
resending it.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D347082413-06092001></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D347082413-06092001>Sharon</SPAN></FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px =
solid; MARGIN-RIGHT: 0px">
<DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
size=3D2>-----Original Message-----<BR><B>From:</B> Sharon Boeyen=20
<BR><B>Sent:</B> Wednesday, September 05, 2001 1:36 PM<BR><B>To:</B> =
'Flynn,=20
Michael'; 'Ryan Hurst'; IETF-PKIX<BR><B>Subject:</B> RE: Removing =
expired=20
certificates from CRLs.....<BR><BR></FONT></DIV>
<DIV><SPAN class=3D054173117-05092001><FONT face=3DArial =
color=3D#0000ff size=3D2>I=20
suspect some of the PKIX text was never updated to reflect the =
successful=20
ballot on the X.509 defect report that fixed this in the base =
X.509 text.=20
The approved TC for the defect (DR 204) corrected this problem by =
making the=20
following changes to X.509 (97).</FONT></SPAN></DIV>
<DIV><SPAN class=3D054173117-05092001></SPAN> </DIV>
<DIV><SPAN class=3D054173117-05092001> </DIV>
<P class=3DMsoNormal style=3D"MARGIN-LEFT: 0.55pt"><B=20
style=3D"mso-bidi-font-weight: normal">Clause =
12.6.3.1<o:p></o:p></B></P>
<P class=3DMsoNormal style=3D"MARGIN-LEFT: =
0.5in"> <o:p></o:p></P>
<P class=3DMsoNormal style=3D"MARGIN-LEFT: 0.5in"><I=20
style=3D"mso-bidi-font-style: normal">In the first sentence following =
the ASN.1,=20
delete “unexpired”<o:p></o:p></I></P>
<P class=3DMsoNormal style=3D"MARGIN-LEFT: 0.5in"><I=20
style=3D"mso-bidi-font-style: normal"> <o:p></o:p></I></P>
<P class=3DMsoNormal style=3D"MARGIN-LEFT: 0.5in"><I=20
style=3D"mso-bidi-font-style: normal">Add the following as a new =
second sentence=20
in the first paragraph following the ASN.1<o:p></o:p></I></P>
<P class=3DMsoNormal style=3D"MARGIN-LEFT: =
0.5in"> <o:p></o:p></P>
<P class=3DMsoNormal><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: 'Times New =
Roman'">“After a certificate=20
appears on a CRL, it may be deleted from a subsequent CRL after the=20
certificate’s expiry.”<o:p></o:p></SPAN></P>
<DIV> </DIV>
<DIV><FONT size=3D2></FONT> </DIV>
<DIV><SPAN class=3D054173117-05092001><FONT=20
color=3D#0000ff>Cheers,</FONT></SPAN></DIV>
<DIV><SPAN class=3D054173117-05092001><FONT=20
color=3D#0000ff>Sharon</FONT></SPAN></DIV>
<DIV><FONT color=3D#0000ff></FONT></SPAN> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff =
2px solid; MARGIN-RIGHT: 0px">
<DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
size=3D2>-----Original Message-----<BR><B>From:</B> Flynn, Michael=20
[mailto:MFlynn@verisign.com]<BR><B>Sent:</B> Wednesday, September =
05, 2001=20
1:03 PM<BR><B>To:</B> 'Ryan Hurst'; IETF-PKIX<BR><B>Subject:</B> =
RE:=20
Removing expired certificates from CRLs.....<BR><BR></FONT></DIV>
<DIV><SPAN class=3D537505516-05092001><FONT face=3D"Courier New"=20
size=3D2>Ryan,</FONT></SPAN></DIV>
<DIV><SPAN class=3D537505516-05092001><FONT face=3D"Courier New"=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D537505516-05092001><FONT face=3D"Courier New" =
size=3D2>Ryan=20
wrote::</DIV>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Now logically it =
makes sense to=20
remove certificates that are expired from <SPAN =
class=3DSpellE>CRLs</SPAN> to=20
control size, yes this has a negative point specifically it =
prevents <SPAN=20
class=3DSpellE>CRLs</SPAN> from being used as a non-repudiation =
source; but=20
this is mute due to many other issues.</SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"></SPAN></FONT> </P>
<P class=3DMsoNormal><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p><SPAN=20
class=3D537505516-05092001>At least regarding removing expired =
certs from=20
CRLs, I would think that non-repudiation can be satisfied by =
keeping the old=20
CRLs in back up storage for some length of time. That time =
being how=20
far back in time a contract dispute might go; ten years, twenty? =
So=20
long as you could get them off tape for the lawyers to look =
at the=20
legal process would be satisfied, they don't need to be online=20
forever. </SPAN></o:p></SPAN></P>
<P class=3DMsoNormal><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p><SPAN=20
class=3D537505516-05092001></SPAN></o:p></SPAN><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p><SPAN=20
class=3D537505516-05092001></SPAN></o:p></SPAN> </P>
<P class=3DMsoNormal><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p><SPAN=20
class=3D537505516-05092001>Michael</SPAN></o:p></SPAN></P>
<P class=3DMsoNormal><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p><SPAN=20
=
class=3D537505516-05092001></SPAN></o:p></SPAN> </P></FONT></SPAN>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 =
2px solid; MARGIN-RIGHT: 0px">
<DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
size=3D2>-----Original Message-----<BR><B>From:</B> Ryan Hurst=20
[mailto:ryanh@valicert.com]<BR><B>Sent:</B> Tuesday, September =
04, 2001=20
8:50 PM<BR><B>To:</B> IETF-PKIX<BR><B>Subject:</B> Removing =
expired=20
certificates from CRLs.....<BR><BR></FONT></DIV>
<DIV class=3DSection1>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">I was speaking with =
</SPAN></FONT><st1:PersonName><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Peter=20
Williams</SPAN></FONT></st1:PersonName><FONT face=3DArial =
size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"> today about the =
removal of=20
expired certificates from <SPAN class=3DSpellE>CRLs</SPAN>; I =
have always=20
been under the belief that this behavior was optional, I vaguely=20
remembered reading text in 2459 along those lines; additionally I =
know of=20
several commercial <SPAN class=3DSpellE>CAs</SPAN> that do not =
remove the=20
expired certificates from their <SPAN class=3DSpellE>CRLs</SPAN>. =
Peter on=20
the other hand was under the impression that it was a mandate to =
remove=20
<SPAN class=3DSpellE>CRLs</SPAN>; he too remembered reading text =
in 2459 to=20
support is position.<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">So we each pulled =
out the RFC=20
and found that we were both right! Specifically both sections 3.3 =
and=20
8.6.2.2 have text on this subject:<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal=20
style=3D"tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt =
320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt =
732.8pt; mso-layout-grid-align: none"><SPAN=20
class=3DGramE><B style=3D"mso-bidi-font-weight: normal"><FONT =
face=3DArial=20
size=3D2><SPAN=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: Arial; =
mso-bidi-font-weight: normal">3.3<SPAN=20
style=3D"mso-spacerun: yes"> =20
</SPAN>Revocation</SPAN></FONT></B></SPAN><B=20
style=3D"mso-bidi-font-weight: normal"><FONT face=3DArial =
size=3D2><SPAN=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: Arial; =
mso-bidi-font-weight: normal"><o:p></o:p></SPAN></FONT></B></P>
<P class=3DMsoNormal=20
style=3D"tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt =
320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt =
732.8pt; mso-layout-grid-align: none"><FONT=20
face=3DArial size=3D2><SPAN style=3D"FONT-SIZE: 10pt; =
FONT-FAMILY: Arial">When a=20
certificate is issued, it is expected to be in use for its entire =
validity=20
period.<SPAN style=3D"mso-spacerun: yes"> </SPAN>However, =
various=20
circumstances may cause a certificate to become invalid prior to =
the=20
expiration of the validity period.<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal=20
style=3D"tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt =
320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt =
732.8pt; mso-layout-grid-align: none"><FONT=20
face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT =
face=3DArial=20
size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial">....<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT =
face=3DArial=20
size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal=20
style=3D"tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt =
320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt =
732.8pt; mso-layout-grid-align: none"><FONT=20
face=3DArial size=3D2><SPAN style=3D"FONT-SIZE: 10pt; =
FONT-FAMILY: Arial">An=20
entry is added to the CRL as part of the next update following=20
notification of revocation. <B><I><SPAN=20
style=3D"FONT-WEIGHT: bold; FONT-STYLE: italic">An entry may be =
removed from=20
the CRL after appearing on one regularly scheduled CRL issued =
beyond the=20
revoked certificate's validity=20
period.</SPAN></I></B><o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal style=3D"mso-layout-grid-align: =
none"><B><FONT face=3DArial=20
size=3D2><SPAN=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: =
Arial">8.6.2.2=20
Issuing distribution point =
extension<o:p></o:p></SPAN></FONT></B></P>
<P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT =
face=3DArial=20
size=3D2><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">This =
CRL=20
extension field identifies the CRL distribution point for this =
particular=20
CRL, and indicates if the CRL is limited to revocations for =
end-entity=20
certificates only, for authority certificates only, or for a =
limited set=20
of reasons only. The CRL is signed by the CRL issuer's key- CRL=20
distribution points do not have their own key pairs. However, for =
a CRL=20
distributed via the Directory, the CRL is stored in the entry of =
the CRL=20
distribution point, which may not be the directory entry of the =
CRL=20
issuer.<I><SPAN style=3D"FONT-STYLE: italic"> <B><SPAN=20
style=3D"FONT-WEIGHT: bold">If this field is absent, the CRL =
shall contain=20
entries for all revoked <SPAN class=3DSpellE>unexpired</SPAN> =
certificates=20
issued by the CRL=20
issuer.</SPAN></B><o:p></o:p></SPAN></I></SPAN></FONT></P>
<P class=3DMsoNormal style=3D"mso-layout-grid-align: =
none"><I><FONT face=3DArial=20
size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-STYLE: italic; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></I></P>
<P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT =
face=3DArial=20
size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial">....<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT =
face=3DArial=20
color=3Dblue size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT =
face=3DArial=20
size=3D2><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">The=20
</SPAN></FONT><SPAN class=3DSpellE><B><FONT face=3DArial =
size=3D1><SPAN=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 9pt; FONT-FAMILY: =
Arial">distributionPoint</SPAN></FONT></B></SPAN><B><FONT=20
face=3DArial size=3D1><SPAN=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 9pt; FONT-FAMILY: Arial">=20
</SPAN></FONT></B><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">component contains =
the name of=20
the distribution point in one or more name forms. If this field =
is absent,=20
the CRL shall contain entries for all revoked certificates issued =
by the=20
CRL issuer. <B><I><SPAN=20
style=3D"FONT-WEIGHT: bold; FONT-STYLE: italic">After a =
certificate appears=20
on a CRL, it is deleted from a subsequent CRL after the =
certificate's=20
expiry.<o:p></o:p></SPAN></I></B></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Although section =
8.6.2.2 is=20
specifically in regards to <SPAN class=3DSpellE>CRLdps</SPAN>, =
any=20
difference between full <SPAN class=3DSpellE>CRLs</SPAN> and =
<SPAN=20
class=3DSpellE>CRLdps</SPAN> in this case I feel would be an =
arbitrary one.=20
<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Now logically it =
makes sense=20
to remove certificates that are expired from <SPAN=20
class=3DSpellE>CRLs</SPAN> to control size, yes this has a =
negative point=20
specifically it prevents <SPAN class=3DSpellE>CRLs</SPAN> from =
being used as=20
a non-repudiation source; but this is mute due to many other=20
issues.<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">That being the case =
I think;=20
and I believe Peter would agree the correct thing to do is to =
remove these=20
expired/revoked entries from the CRL. =
<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">The question now is =
what is=20
the PKIX stance on this matter?<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Ryan M.=20
Hurst<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">ValiCert,=20
Inc.<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<BLOCKQUOTE style=3D"MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt">
<P class=3DMsoNormal><I><FONT face=3D"Times New Roman" =
size=3D3><SPAN=20
style=3D"FONT-SIZE: 12pt; FONT-STYLE: italic; mso-no-proof: =
yes">"It may=20
roundly be asserted that human ingenuity cannot concoct a =
cipher which=20
human ingenuity cannot resolve."</SPAN></FONT></I><SPAN=20
style=3D"mso-no-proof: yes"><o:p></o:p></SPAN></P></BLOCKQUOTE>
<BLOCKQUOTE style=3D"MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt">
<P class=3DMsoNormal><FONT face=3D"Times New Roman" =
size=3D3><SPAN=20
style=3D"FONT-SIZE: 12pt; mso-no-proof: yes">-Edgar Allan=20
Poe</SPAN><o:p></o:p></FONT></P></BLOCKQUOTE>
<P class=3DMsoNormal><FONT face=3D"Times New Roman" =
size=3D3><SPAN=20
style=3D"FONT-SIZE: =
12pt"><o:p> </o:p></SPAN></FONT></P></DIV></BLOCKQUOTE></BLOCKQUOTE=
></BLOCKQUOTE></BODY></HTML>
------_=_NextPart_001_01C136D7.4A4096E0--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f86B2sV18484 for ietf-pkix-bks; Thu, 6 Sep 2001 04:02:54 -0700 (PDT)
Received: from claudio.bib.co.uk (gateway.bib.co.uk [195.171.24.2]) by above.proper.com (8.11.6/8.11.3) with SMTP id f86B2rD18476 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 04:02:53 -0700 (PDT)
Received: from 127.0.0.1 by claudio.bib.co.uk (InterScan E-Mail VirusWall NT); Thu, 06 Sep 2001 12:02:49 +0100
Received: by claudio with Internet Mail Service (5.5.2653.19) id <SKNCJTL6>; Thu, 6 Sep 2001 12:02:49 +0100
Message-ID: <36086CC80304D3119B040008C75DF596095F2105@claudio>
From: "Bland, Graham" <Graham.Bland@open-talk.co.uk>
To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>
Subject: Charter Revisions, Logotype Business models
Date: Thu, 6 Sep 2001 12:02:48 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/mixed; boundary="------------InterScan_NT_MIME_Boundary"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This is a multi-part message in MIME format.
--------------InterScan_NT_MIME_Boundary
Content-Type: text/plain;
charset="iso-8859-1"
To clear up some of the Logotype discussions in my mind is it possible to
define some business models which they are trying to support, without a
clear understanding of these models the detailed discussions seem moot.
As I understand it the primary motivation for Logotype is to allow the
display of a recognisable visual cue(s) to aid the end user of the cert to
make a trust decision.
Here are some examples for discussion, please feel free to tear them to bits
and add others:
End Entity Logo
End entity requests a certificate with a logotype included in the cert
request. This only applies to the EE cert and for example is a company
logo. The use of the logo is designed to convey that the certificate holder
is a representative of the organisation, as such the validation of the
requested logo by the CA is similar to the process for the DN.
CA Logo
End Entity requests a certificate with or without a logotype included in the
cert request as above. In this case the CA wishes to place a logo in the
issued cert to indicate something; for example this is a Visa Cert. I do
not see the logo reference being requested by the end entity in this case,
more of it being inserted by the CA. this is the primary trust mechanism
(this cert was issued by Visa) not this cert belongs to Visa. Other
examples are numerous, such as this is a Verisign SSL server cert.
Logo Hierarchy
The CA logo example above could also be identified by Logos in the issuing
cert, this would require the display of a hierarchy of logos which would be
an output of DPD/DPV ?. These may be complete or incomplete if for example
not all certs in the chain contain logos.
Also the Logo would get more complex, do we need the logo to indicate the
difference between Verisign Class1, Class 2 etc. certs or would it just be
the same Verisign Logo in all of them.
Some other questions on the requirements:
Are there circumstances where a cert could contain multiple EE Logos such as
a well known division of a conglomerate could conceivably contain more than
one, for example Volkswagen owns Rolls Royce.
If a hierarchy of Logos are displayed how is this conveyed to the end user
or is just the logo in the EE cert displayed?
> Graham Bland
> Security Designer
> Open....
> 34-35 Farringdon Street London EC4A 4HJ
> Tel: 020 7332 6411 Fax: 020 7332 7100
> E Mail graham.bland@open-talk.co.uk
>
>
--------------InterScan_NT_MIME_Boundary
Content-Type: text/plain;
name="Open_Interactive_Disclaimer.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="Open_Interactive_Disclaimer.txt"
This message is confidential and is intended for the addressee only; unless clearly
stated that this disclaimer should not apply, this e-mail is not intended to create legally
binding commitments on behalf of any company in the British Interactive Broadcasting
Holding Limited group, nor do its contents reflect the corporate views or policies of any
such company. Any unauthorised disclosure, use or dissemination, either whole or
partial, is prohibited. If you are not the intended recipient of the message, please notify
the sender immediately.
--------------InterScan_NT_MIME_Boundary--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f8693Bj11702 for ietf-pkix-bks; Thu, 6 Sep 2001 02:03:11 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f8693AD11696 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 02:03:10 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id LAA21194 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 11:05:09 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id LAA16794 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 11:02:34 +0200
Message-ID: <3B973BAD.ACB38E34@bull.net>
Date: Thu, 06 Sep 2001 11:02:37 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
CC: "PKIX (E-mail)" <ietf-pkix@imc.org>
Subject: Re: Logos: objection to charter revisions
References: <73388857A695D31197EF00508B08F29802D2588E@ntmsg0131.corpmail.telstra.com.au>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
After seeing all that discussion about logos, I realized that we had
a solution (i.e. the draft writen by Stefan) for an unknown problem.
1) Are logos to be used in server certificates ?
If so, what would be their intended meaning ?
2) Are logos to be used in human-user certificates ?
If so, what would be their intended meaning ?
3) Are logos to be used in CA certificates ?
If so, what would be their intended meaning ?
4) Are logos to be used in self-signed certificates ?
If so, what would be their intented meaning ?
I do not think that the meaning and the use of the logo information will
necessarilly be the same for all of the above cases.
If that topic is going to stay on the charter, before we define a solution
we should first define the requirements. So an INFORMATIONAL RFC on the
requirements should be the first step. This Informational RFC should at
least answer to the questions raised above.
Denis
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f868JMQ06838 for ietf-pkix-bks; Thu, 6 Sep 2001 01:19:22 -0700 (PDT)
Received: from webo.vtcif.telstra.com.au (webo.vtcif.telstra.com.au [202.12.144.19]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f868JKD06833 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 01:19:20 -0700 (PDT)
Received: (from uucp@localhost) by webo.vtcif.telstra.com.au (8.8.2/8.6.9) id SAA16874 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 18:19:14 +1000 (EST)
Received: from maili.vtcif.telstra.com.au(202.12.142.17) via SMTP by webo.vtcif.telstra.com.au, id smtpdLyHyD_; Thu Sep 6 18:19:05 2001
Received: (from uucp@localhost) by maili.vtcif.telstra.com.au (8.8.2/8.6.9) id SAA15370 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 18:19:04 +1000 (EST)
Received: from localhost(127.0.0.1), claiming to be "mail.cdn.telstra.com.au" via SMTP by localhost, id smtpdn9bCm_; Thu Sep 6 18:19:02 2001
Received: from ntmsg0028.corpmail.telstra.com.au (ntmsg0028.corpmail.telstra.com.au [192.168.174.24]) by mail.cdn.telstra.com.au (8.8.2/8.6.9) with ESMTP id SAA25770 for <ietf-pkix@imc.org>; Thu, 6 Sep 2001 18:19:02 +1000 (EST)
Received: by ntmsg0028.corpmail.telstra.com.au with Internet Mail Service (5.5.2653.19) id <SHBL2A13>; Thu, 6 Sep 2001 19:15:03 +1100
Message-ID: <73388857A695D31197EF00508B08F29802D2588E@ntmsg0131.corpmail.telstra.com.au>
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: "PKIX (E-mail)" <ietf-pkix@imc.org>
Subject: RE: Logos: objection to charter revisions
Date: Thu, 6 Sep 2001 19:14:58 +1100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Steve Hanna,
You says "nobody has been able to come up with any way to fix [the current
logo proposal]" and conclude "that it can't be fixed". .. but you provide
fixes earlier in the same e-mail!
Your statement that logos should be "ignored unless all certificates in the
path indicate that they should be supported" is just the sort of "logo
constraint" that enables safe use of logos.
One good reason for looking at logos is that it focuses attention on the
limitations of the current name constraints mechanism. Name constraints
should be able to deal with new name forms and with non-hierarchical name
forms (logos are both), but the current extension cannot. Name constraints
should, for instance, be able to exclude names of specified types or only
permit names of specified types. [Another problem with the current name
constraints is that the "constraints" have to use the same syntax as the
"name", which is not always appropriate.]
> ----------
> From: Steve Hanna [mailto:steve.hanna@sun.com]
> Sent: Thursday, 6 September 2001 7:36
>
..I, for one, would be much more comfortable if logotypes were
ignored unless all certificates in the path indicate that they should be
supported..
..provide similar text warning that logotypes in certificates should
not be scaled or mapped to different colors before display. If this
requirement cannot be met, the certificate should be treated as if it did
not contain the logotype.
..the proposal is demonstrably flawed (although this is subject to
some debate). Nobody has been able to come up with any way to fix it. My
conclusion is that it can't be fixed.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f865MEM14986 for ietf-pkix-bks; Wed, 5 Sep 2001 22:22:14 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f865MDD14981 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 22:22:13 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJ800A016Y52X@ext-mail.valicert.com> for ietf-pkix@imc.org; Wed, 5 Sep 2001 22:22:53 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJ8009I36Y4QX@ext-mail.valicert.com>; Wed, 05 Sep 2001 22:22:53 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <QP4KWBSL>; Wed, 05 Sep 2001 22:15:48 -0700
Content-return: allowed
Date: Wed, 05 Sep 2001 22:15:47 -0700
From: Ryan Hurst <ryanh@valicert.com>
Subject: RE: Removing expired certificates from CRLs.....
To: "'David A. Cooper'" <david.cooper@nist.gov>, IETF-PKIX <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE23F@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: multipart/alternative; boundary="Boundary_(ID_JkgCqYPxPr3/zzS1dial1Q)"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
--Boundary_(ID_JkgCqYPxPr3/zzS1dial1Q)
Content-type: text/plain
David -
Although my confusion on this issue has been cleared up (note to
self; always verify your sources) now; this brings up a very interesting
point. I and others I have spoken with believe that the addition of such an
extension (one that states that the CRL contains ALL revocation entries both
current and expired) would be very valuable.
Consider this problem, today I receive a digitally signed and time stamped
document (a contract possibly), this document was signed by a certificate
issued off of any number of commercial CA's that exist today. 10 years later
the document is in question and I need to establish that the certificate
associated with the signature on the document was valid at the time it was
signed; there are several significant possibilities here:
1. CA in question has CRLNumber extension in all of their CRLs and they
are all available
2. CA in question does not have the CRLNumber in all CRLS or just a
subset
Now in #1 the problem is relatively easy, I find all CRLs that were valid
during my window and of those I pick the one that has the highest CRLnumber.
An extension like this would be "use-full" in this case but not necessary.
In #2 the problem gets, well unsolvable; Since there are no ways to
determine if I have all of the CRLs that are within my window (remember
validity windows on CRLs can overlap so the ones within the overlapped
window that state the certificate is revoked could be "lost") I will never
now if the certificate was valid at the time in question. Now if the CRLs
that were generated contained all entries and were marked as such with an
extension I would have a mechanism to solve this problem; simply get the
most recent CRL.
Ryan
-----Original Message-----
From: David A. Cooper [mailto:david.cooper@nist.gov]
Sent: Wednesday, September 05, 2001 7:39 AM
To: IETF-PKIX
Subject: Re: Removing expired certificates from CRLs.....
At 03:53 PM 9/5/01 +0200, Nada Kapidzic Cicovic wrote:
Denis,
I was making comments on the text which Ryan extracted in his mail, assuming
that they were from the son-of-RFC2459.
In particular the last sentence in this paragraph:
The distributionPoint component contains the name of the distribution point
in one or more name forms. If this field is absent, the CRL shall contain
entries for all revoked certificates issued by the CRL issuer. After a
certificate appears on a CRL, it is deleted from a subsequent CRL after the
certificate's expiry.
However, after getting your comment I realized that this sentence and the
referred section 8.6.2.2 comes from the X.509 (the latest version that I
have on my disk is X_509_4thEditionDraftV6, and it contains the above text).
I have X_509_4thEditionDraftV8 on my computer and it appears that this has
been fixed. I now says "After a certificate appears on a CRL, it may be
deleted from a subsequent CRL after the certificate's expiry." I didn't
bother to look at son-of-2459.
In any case, both X.509 and son-of-2459 should say that a certificate may be
deleted from a CRL after it has expired. In general, though, I don't think
there is much benefit to leaving expired certificates on CRLs. The problem
is that, at the moment, if an expired certificate is not listed on a CRL,
there is no way to determine whether it is not listed because it was never
revoked or if it was revoked but is not listed because it was removed after
expiration.
Some time ago, there was a suggestion to create a new, non-critical CRL
extension that would specify whether an expired certificate was covered by a
CRL (e.g., the extension could state: "This CRL includes all revoked
certificates that expire(d) after Jan. 1, 2001 (i.e., notAfter >=
010101000000Z)."). There didn't seem to be much support for this idea, so
the extension was never created.
The current text of the son-of-RFC2459 does not seem to contain it or any
other misleading sentences regarding this issue.
Sorry for the confusion.
Nada
--Boundary_(ID_JkgCqYPxPr3/zzS1dial1Q)
Content-type: text/html
Content-transfer-encoding: quoted-printable
<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<meta name=3DProgId content=3DWord.Document>
<meta name=3DGenerator content=3D"Microsoft Word 10">
<meta name=3DOriginator content=3D"Microsoft Word 10">
<link rel=3DFile-List href=3D"cid:filelist.xml@01C13659.21A03020">
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"time"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"date"/>
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:GrammarState>Clean</w:GrammarState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:Compatibility>
<w:UseFELayout/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;
mso-font-alt:\5B8B\4F53;
mso-font-charset:134;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 135135232 16 0 262145 0;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:553679495 -2147483648 8 0 66047 0;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;
mso-font-charset:134;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 135135232 16 0 262145 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:SimSun;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;
text-underline:single;}
span.EmailStyle17
{mso-style-type:personal-reply;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:navy;}
span.SpellE
{mso-style-name:"";
mso-spl-e:yes;}
span.GramE
{mso-style-name:"";
mso-gram-e:yes;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:2002394047;
mso-list-type:hybrid;
mso-list-template-ids:2140069784 67698703 67698713 67698715 67698703 =
67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
<!--[if gte mso 10]>
<style>
/* Style Definitions */=20
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]-->
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple =
style=3D'tab-interval:.5in'>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>David =
-<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><span =
style=3D'mso-tab-count:1'> &nbs=
p; </span>Although
my confusion on this issue has been cleared up (note to self; always =
verify
your sources) now; this brings up a very interesting point. I and =
others I have
spoken with believe that the addition of such an extension (one that =
states
that the CRL contains ALL revocation entries both current and expired) =
would be
very valuable. <o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Consider this problem, today I =
receive a digitally
signed and time stamped document (a contract possibly), this document =
was
signed by a certificate issued off of any number of commercial CA's =
that
exist today. 10 years later the document is in question and I need to =
establish
that the certificate associated with the signature on the document was =
valid at
the time it was signed; there are several significant possibilities =
here:<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<ol style=3D'mso-margin-top-alt:0in' start=3D1 type=3D1>
<li class=3DMsoNormal style=3D'color:navy;mso-list:l0 level1 =
lfo1;tab-stops:list .5in'><font
size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:10.0pt;font-family:
Arial'>CA in question has <span class=3DSpellE>CRLNumber</span> =
extension in
all of their <span class=3DSpellE>CRLs</span> and they are all =
available<o:p></o:p></span></font></li>
<li class=3DMsoNormal style=3D'color:navy;mso-list:l0 level1 =
lfo1;tab-stops:list .5in'><font
size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:10.0pt;font-family:
Arial'>CA in question does not have the <span =
class=3DSpellE>CRLNumber</span>
in all CRLS or just a subset<o:p></o:p></span></font></li>
</ol>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Now in #1 the problem is =
relatively easy,
I find all <span class=3DSpellE>CRLs</span> that were valid during my =
window and
of those I pick the one that has the highest <span =
class=3DSpellE>CRLnumber</span>.
An extension like this would be "use-full" in this case but not
necessary.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>In #2 the problem gets, well =
unsolvable;
Since there are no ways to determine if I have all of the <span =
class=3DSpellE>CRLs</span>
that are within my window (remember validity windows on <span =
class=3DSpellE>CRLs</span>
can overlap so the ones within the overlapped window that state the =
certificate
is revoked could be "lost") I will never now if the certificate was
valid at the time in question. Now if the <span =
class=3DSpellE>CRLs</span> that
were generated contained all entries and were marked as such with an =
extension
I would have a mechanism to solve this problem; simply get the most =
recent CRL.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Ryan<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original =
Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b> David A. Cooper
[mailto:david.cooper@nist.gov] <br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> =
</span></font><st1:date
Month=3D"9" Day=3D"5" Year=3D"2001"><font size=3D2 face=3DTahoma><span =
style=3D'font-size:
10.0pt;font-family:Tahoma'>Wednesday, September 05, =
2001</span></font></st1:date><font
size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;font-family:Tahoma'> </span></font><st1:time
Hour=3D"7" Minute=3D"39"><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma'>7:39 AM</span></font></st1:time><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'><br>
<b><span style=3D'font-weight:bold'>To:</span></b> IETF-PKIX<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> Re: Removing =
expired
certificates from CRLs.....</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'>At </span></font><st1:time Hour=3D"15" =
Minute=3D"53">03:53
PM</st1:time> <st1:date Month=3D"9" Day=3D"5" =
Year=3D"2001">9/5/01</st1:date> +0200,
Nada Kapidzic Cicovic wrote:<br =
style=3D'mso-special-character:line-break'>
<![if !supportLineBreakNewLine]><br =
style=3D'mso-special-character:line-break'>
<![endif]><o:p></o:p></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'>Denis,<br>
<br>
I was making comments on the text which Ryan extracted in his mail, =
assuming
that they were from the son-of-RFC2459.<br>
<br>
In particular the last sentence in this paragraph:<br>
<br>
The </span></font><b><font size=3D2><span =
style=3D'font-size:10.0pt;font-weight:
bold'>distributionPoint </span></font></b>component contains the name =
of the
distribution point in one or more name forms. If this field is absent, =
the CRL
shall contain entries for all revoked certificates issued by the CRL =
issuer. <b><i><span
style=3D'font-weight:bold;font-style:italic'>After a certificate =
appears on a
CRL, it is deleted from a subsequent CRL after the certificate's =
expiry.<br>
<br>
</span></i></b>However, after getting your comment I realized that this
sentence and the referred section 8.6.2.2 comes from the X.509 (the =
latest
version that I have on my disk is X_509_4thEditionDraftV6, and it =
contains the
above text). <o:p></o:p></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'><br>
I have X_509_4thEditionDraftV8 on my computer and it appears that this =
has been
fixed. I now says "After a certificate appears on a CRL, it =
<b><span
style=3D'font-weight:bold'>may be</span></b> deleted from a subsequent =
CRL after
the certificate's expiry." I didn't bother to look at =
son-of-2459.<br>
<br>
In any case, both X.509 and son-of-2459 should say that a certificate =
may be
deleted from a CRL after it has expired. In general, though, I =
don't
think there is much benefit to leaving expired certificates on =
CRLs. The
problem is that, at the moment, if an expired certificate is not listed =
on a
CRL, there is no way to determine whether it is not listed because it =
was never
revoked or if it was revoked but is not listed because it was removed =
after
expiration.<br>
<br>
Some time ago, there was a suggestion to create a new, non-critical CRL
extension that would specify whether an expired certificate was covered =
by a
CRL (e.g., the extension could state: "This CRL includes all =
revoked
certificates that expire(d) after </span></font><st1:date Month=3D"1" =
Day=3D"1"
Year=3D"2001">Jan. 1, 2001</st1:date> (i.e., notAfter >=3D =
010101000000Z).").
There didn't seem to be much support for this idea, so the extension =
was never
created.<br>
<br style=3D'mso-special-character:line-break'>
<![if !supportLineBreakNewLine]><br =
style=3D'mso-special-character:line-break'>
<![endif]><o:p></o:p></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'>The current text of the son-of-RFC2459 does =
not seem
to contain it or any other misleading sentences regarding this issue. =
<br>
<br>
Sorry for the confusion.<br>
<br>
Nada<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'><o:p> </o:p></span></font></p>
</div>
</body>
</html>
--Boundary_(ID_JkgCqYPxPr3/zzS1dial1Q)--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85Lg2M07910 for ietf-pkix-bks; Wed, 5 Sep 2001 14:42:02 -0700 (PDT)
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85Lg0D07903 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 14:42:00 -0700 (PDT)
Received: from sunlabs.East.Sun.COM ([129.148.75.250]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id NAA12180; Wed, 5 Sep 2001 13:16:51 -0700 (PDT)
Received: from sun.com (dhcp75-167 [129.148.75.167]) by sunlabs.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id QAA29997; Wed, 5 Sep 2001 16:16:47 -0400 (EDT)
Message-ID: <3B96881B.4BCB968B@sun.com>
Date: Wed, 05 Sep 2001 16:16:27 -0400
From: Steve Hanna <steve.hanna@sun.com>
Organization: Sun Microsystems, Inc.
X-Mailer: Mozilla 4.75 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
CC: Bob Jueneman <bjueneman@novell.com>, ietf-pkix@imc.org
Subject: Re: charter revisions
References: <2F3EC696EAEED311BB2D009027C3F4F40586974D@vhqpostal.verisign.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
"Hallam-Baker, Phillip" wrote:
> > Bob Jueneman wrote:
> > > I wasn't suggesting that logos should be restricted to end-entities,
> > > I was only pointing out that such a restriction would immediately
> > > make the issue of name subordination and misuse of the logo by some
> > > intermediate CA go away.
> >
> > This isn't true. Name constraints allow me to cross certify
> > IBM's CA but
> > indicate that the only DNs it is trusted to certify are those
> > that begin
> > with "c=us, o=IBM". Even if logos are restricted to end-entities,
> > there's nothing stopping IBM's CA from placing a Sun logo in an
> > end-entity certificate. So restricting logos to end-entities doesn't
> > "make the issue of name subordination and misuse of the logo by some
> > intermediate CA go away."
>
> I don't see this as a problem for several reasons:
>
> 1) Logotypes have utility even if they cannot be used with
> cross-certification.
Their utility would be substantially reduced.
> 2) The security of the infrastructure depends on the DNS system and
> not the X.500 name system. The fact that the name is constrained as
> you state does not in practice affect Internet applications. It might
> affect OSI applications if any existed.
Name constraints work the same way for dNSName and rfc822Name name
forms, as well as for X.500 DNs that use the domainComponent attribute
type. I recognize that many CAs stuff DNS and rfc822 names into DNs
using the commonName or EmailAddress attribute types. This practice is
"deprecated but permitted", according to RFC 2459 and successors. Lack
of support for name constraints is one reason why.
> 3) The objection is simply a restatement of the proposition that
> 'bad things happen if you cross certify with someone who
> is not trustworthy'. This is not news.
Name constraints allow you to limit the "bad things" that happen. You
can trust MIT to certify MIT affiliates without worrying about whether
they might issue a certificate claiming to be for George W. Bush.
Most bridge CAs employ name constraints in this fashion. I recognize
that the bridge CA model (and perhaps cross-certification in general)
does not fit well with some business models, but it is quite popular in
many communities. Name constraints and other technology that supports
cross-certification and the bridge CA model are an important part of RFC
2459 and successors.
If logotypes are in fact inconsistent with cross-certification, then
they may not be suitable for use on the Internet.
> > Apparently, you haven't read the draft that serves as the
> > basis for this
> > discussion, draft-ietf-pkix-logotypes-00.txt. The suggested
> > format is a
> > message digest and a URL.
>
> The basis for this discussion is the proposed charter ammendments.
Reading the latest Internet Draft on the topic will help avoid needless
digressions.
-Steve
Received: by above.proper.com (8.11.6/8.11.3) id f85Lcn707815 for ietf-pkix-bks; Wed, 5 Sep 2001 14:38:49 -0700 (PDT)
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85LclD07811 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 14:38:47 -0700 (PDT)
Received: from sunlabs.East.Sun.COM ([129.148.75.250]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id OAA21813; Wed, 5 Sep 2001 14:38:48 -0700 (PDT)
Received: from sun.com (dhcp75-167 [129.148.75.167]) by sunlabs.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id RAA16667; Wed, 5 Sep 2001 17:38:47 -0400 (EDT)
Message-ID: <3B969B51.95A504C2@sun.com>
Date: Wed, 05 Sep 2001 17:38:25 -0400
From: Steve Hanna <steve.hanna@sun.com>
Organization: Sun Microsystems, Inc.
X-Mailer: Mozilla 4.75 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
CC: Bob Jueneman <bjueneman@novell.com>, ietf-pkix@imc.org
Subject: Re: charter revisions
References: <2F3EC696EAEED311BB2D009027C3F4F40586974E@vhqpostal.verisign.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
"Hallam-Baker, Phillip" wrote:
> > Name constraints allow you to limit the "bad things" that happen. You
> > can trust MIT to certify MIT affiliates without worrying about whether
> > they might issue a certificate claiming to be for George W. Bush.
>
> No you can't.
>
> You can prevent someone from issuing a certificate that claims to
> be for C=US; O=Government; OU=EOP; CN=George W Bush.
>
> What you can't do is to stop someone from issuing a subjectAltName
> for potus@a1.eop.gov.
Use a name constraint with permitted subtrees of:
rfc822Name:mit.edu
-Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85LZwa07758 for ietf-pkix-bks; Wed, 5 Sep 2001 14:35:58 -0700 (PDT)
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85LZuD07752; Wed, 5 Sep 2001 14:35:56 -0700 (PDT)
Received: from sunlabs.East.Sun.COM ([129.148.75.250]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id OAA20478; Wed, 5 Sep 2001 14:35:57 -0700 (PDT)
Received: from sun.com (dhcp75-167 [129.148.75.167]) by sunlabs.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id RAA00810; Wed, 5 Sep 2001 17:35:55 -0400 (EDT)
Message-ID: <3B969AA6.FC43A587@sun.com>
Date: Wed, 05 Sep 2001 17:35:34 -0400
From: Steve Hanna <steve.hanna@sun.com>
Organization: Sun Microsystems, Inc.
X-Mailer: Mozilla 4.75 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Paul Hoffman / IMC <phoffman@imc.org>
CC: ietf-pkix@imc.org
Subject: Re: charter revisions
References: <p0501040bb7a8214adf35@[128.33.84.34]> <5.0.1.4.2.20010830132055.02c12600@exna07.securitydynamics.com> <3B94FA41.47317BB8@sun.com> <p05100327b7baf1ca610b@[165.227.249.20]> <3B96343F.5BD5C3CF@sun.com> <p05100343b7bc35f38a13@[165.227.249.20]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Paul Hoffman / IMC wrote:
> >My original email cited several other security risks that are greater
> >for logotypes than for textual names: CAs may find it harder to verify a
> >certificate requester's right to use a logotype than their right to use
> >a textual name
>
> That is not a security risk, and it is a supposition.
The risk is that it may be quite easy for a certificate requester to get
an invalid logotype certified. However, this is a supposition, as you
say. We have heard the CA vendors say "Trust us, we can handle it." And
maybe they can. But I, for one, would be much more comfortable if
logotypes were ignored unless all certificates in the path indicate that
they should be supported. This shouldn't be a problem for those who
think that cross-certification is a bad idea.
> > and logotypes may change appearance radically on
> >different devices.
>
> More radically than the way a UTF-8 name with non-ASCII characters
> will be displayed?
Maybe not, especially when part of the UTF-8 name cannot be rendered
properly on the user's device (because it includes characters that
aren't present in any font on that device, for instance). We should
probably consider adding text to some future successor to 2459 warning
about this case. Maybe we can provide similar text warning that
logotypes in certificates should not be scaled or mapped to different
colors before display. If this requirement cannot be met, the
certificate should be treated as if it did not contain the logotype.
> > Several other risks have been pointed out in the
> >recent email discussion: users may not be able to distinguish one
> >logotype from another,
>
> Ditto for names ("Type 1" vs. "Type 3", similar-looking glyphs in
> various fonts)
Users who aren't concerned about security will always just click OK (or
enter their brokerage info at a web site without considering whether
this is secure). It's hard to provide much protection for such users
(although putting logotypes in certificates will make it harder for
programs that try to be smart about what's safe).
But we should try to avoid designing in features that nobody can use
securely. The current system allows a careful user with a properly
configured system to type a URL and have the browser check that the host
name matches the certificate or examine a name in a signed email and
decide whether it is the one desired (ignoring poor fonts, misspellings,
etc). Certifying and examining a logotype is a much more fuzzy process,
open to many more errors.
> > users may not recall which logotype corresponds
> >to which entity,
>
> Ditto for names
>
> > and logotypes are not accessible to vision-impaired
> >users or usable on text-only terminals.
>
> This is indeed an issue.
>
> >The whole paragraph should be considered predicated by the first clause
> >("Unless..."). If that clause does not apply (i.e., we can develop a
> >fairly secure way to place logotypes in certificates), then I don't have
> >any objection to having this as a PKIX work item. But I have seen no
> >sign that the objections raised so far can be overcome.
>
> Then that should come up when discussing the protocols, not the
> charter.
But we have a proposal on the table for how to include logotypes in
certificates and the proposal is demonstrably flawed (although this is
subject to some debate). Nobody has been able to come up with any way to
fix it. My conclusion is that it can't be fixed. Shouldn't the question
of whether the work item is feasible be relevant to a discussion of
whether it should be added to the charter?
> >RFC 2418 (BCP 25) says that "IETF developed technologies should not add
> >insecurity to the environment in which they run." The IESG has enforced
> >this in the past and it seems especially pertinent to a working group in
> >the Security Area. I doubt that the IESG or the Security ADs will accept
> >this work item in our charter unless we can argue convincingly that we
> >can develop something that would not add insecurity to the environment
> >in which it is run. I don't think we're there yet.
>
> Trying to predict what the IESG will do is just plain silly (even
> individual IESG members are bad at this).
You're probably right. I suggest that our working group chairs make a
decision about whether they still want to include this work item in the
proposed charter. If they want to do so, I would ask that they inform
the Security ADs that the working group did not reach consensus on this
question and point the Security ADs to the discussion here on the list
so that they can make up their own mind. I believe that all of the
relevant arguments in favor and opposed have been raised.
Thanks,
Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85LNGJ07552 for ietf-pkix-bks; Wed, 5 Sep 2001 14:23:16 -0700 (PDT)
Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.50.20]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85LNFD07548 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 14:23:15 -0700 (PDT)
Received: from stingray.missi.ncsc.mil (root@localhost) by stingray.missi.ncsc.mil with ESMTP id f85LKcr10341 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 17:20:38 -0400 (EDT)
Message-ID: <200109052120.f85LKc710337@stingray.missi.ncsc.mil>
Date: Wed, 05 Sep 2001 17:17:09 -0400
From: "David P. Kemp" <dpkemp@missi.ncsc.mil>
X-Mailer: Mozilla 4.77 [en] (X11; U; SunOS 5.7 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: Re: charter revisions
References: <p0501040bb7a8214adf35@[128.33.84.34]> <5.0.1.4.2.20010830132055.02c12600@exna07.securitydynamics.com> <3B94FA41.47317BB8@sun.com> <p05100327b7baf1ca610b@[165.227.249.20]> <3B96343F.5BD5C3CF@sun.com> <p05100343b7bc35f38a13@[165.227.249.20]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-H-S-Loop-Check-Ejzfr:
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Paul Hoffman / IMC wrote:
>
> At 10:18 AM -0400 9/5/01, Steve Hanna wrote:
> >Paul Hoffman / IMC wrote
> >> Are the risks any greater than what we have in 2459 now with spelling
> >> errors or things like "FooCA type 1 certificate" vs. "FooCA type 2
> >> certificate"? I agree with Russ that the benefits are higher, but I'm
> >> not at all convinced that the risks are higher.
> >
> >Yes, the risks are greater than those encountered with textual names.
> >For one thing, name constraints provide an effective way to limit the
> >portion of the name space that can be reached via a cross certificate.
> >No corresponding mechanism has been suggested for logotypes nor does it
> >seem likely that such a mechanism could be developed.
>
> I don't think that name constraints works well against spelling
> errors or the kinds of names I specified above. I agree that it will
> probably be impossible to constrain logotypes any more than it is to
> constrain the value within CN.
The distinction is that name constraints is a mechanism; there is no
analogous mechanism for logotypes. If you have name constraint with
a permitted subtree under "FooCA Type 1", then your browser will reject
all certificates under "FooCA Type 2" regardless of whether the "2" is
an innocent spelling error or a malicious spoof attempt. What makes
you believe that name constraints don't work well (i.e. that the rejection
of "2" is an undesired outcome)?
> >RFC 2418 (BCP 25) says that "IETF developed technologies should not add
> >insecurity to the environment in which they run." The IESG has enforced
> >this in the past and it seems especially pertinent to a working group in
> >the Security Area. I doubt that the IESG or the Security ADs will accept
> >this work item in our charter unless we can argue convincingly that we
> >can develop something that would not add insecurity to the environment
> >in which it is run. I don't think we're there yet.
>
> Trying to predict what the IESG will do is just plain silly (even
> individual IESG members are bad at this).
There is a distinction between what BCP 25 says in black and white,
and attempting to predict how the IESG will interpret BCP 25 when
considering a new work item. Rather than wasting bandwidth calling
prediction "silly", you should argue substantively about why logotypes
do not add insecurity to the environment in which they run.
I'm agnostic on the actual issue - logotypes in certificates are
both seductive and dangerous. The potential harm from user
confusion will outweigh the cuteness factor in some circumstances
(promiscuous trust lists) and will not in others (trustworthy CAs who
attempt to make logos meaningful, distinct, and few). What should
PKIX do about it? I don't know.
Received: by above.proper.com (8.11.6/8.11.3) id f85L2Ij06971 for ietf-pkix-bks; Wed, 5 Sep 2001 14:02:18 -0700 (PDT)
Received: from eagle.verisign.com (eagle.verisign.com [208.206.241.105]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85L2GD06965 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 14:02:16 -0700 (PDT)
Received: from postal-gw1.verisign.com (verisign.com [63.104.27.101]) by eagle.verisign.com (8.9.3/BCH1.7.1) with ESMTP id OAA04679; Wed, 5 Sep 2001 14:02:49 -0700 (PDT)
Received: by postal-gw.verisign.com with Internet Mail Service (5.5.2654.89) id <R5Q8CYHF>; Wed, 5 Sep 2001 13:59:33 -0700
Message-ID: <2F3EC696EAEED311BB2D009027C3F4F40586974E@vhqpostal.verisign.com>
From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
To: "'Steve Hanna'" <steve.hanna@sun.com>, "Hallam-Baker, Phillip" <pbaker@verisign.com>
Cc: Bob Jueneman <bjueneman@novell.com>, ietf-pkix@imc.org
Subject: RE: charter revisions
Date: Wed, 5 Sep 2001 13:59:28 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2654.89)
Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C1364D.A7471600"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_000_01C1364D.A7471600
Content-Type: text/plain;
charset="iso-8859-1"
> > I don't see this as a problem for several reasons:
> >
> > 1) Logotypes have utility even if they cannot be used with
> > cross-certification.
>
> Their utility would be substantially reduced.
I disagree.
The arguments against logotypes in cross certificates simply
restate the long standing problems with the concept of cross
certification. If you care about the problems being raised with
and have not already found a solution then you cannot use
cross certification.
> Name constraints allow you to limit the "bad things" that happen. You
> can trust MIT to certify MIT affiliates without worrying about whether
> they might issue a certificate claiming to be for George W. Bush.
No you can't.
You can prevent someone from issuing a certificate that claims to
be for C=US; O=Government; OU=EOP; CN=George W Bush.
What you can't do is to stop someone from issuing a subjectAltName
for potus@a1.eop.gov.
> Most bridge CAs employ name constraints in this fashion. I recognize
> that the bridge CA model (and perhaps cross-certification in general)
> does not fit well with some business models, but it is quite
> popular in
> many communities. Name constraints and other technology that supports
> cross-certification and the bridge CA model are an important
> part of RFC
> 2459 and successors.
I still do not buy the argument that the trust rests upon the name
constraints. A machine can make sensible decisions on the basis of
a DN, but then again a machine is going to ignore the logotypes in
any case.
The logotypes argument is about the human interface, not the
machine interface. DNs are a lousy human interface as the virtual
extinction of X.400 mail proves.
Phill
------_=_NextPart_000_01C1364D.A7471600
Content-Type: application/octet-stream;
name="Phillip Hallam-Baker (E-mail).vcf"
Content-Disposition: attachment;
filename="Phillip Hallam-Baker (E-mail).vcf"
BEGIN:VCARD
VERSION:2.1
N:Hallam-Baker;Phillip
FN:Phillip Hallam-Baker (E-mail)
ORG:VeriSign
TITLE:Principal Consultant
TEL;WORK;VOICE:(781) 245-6996 x227
EMAIL;PREF;INTERNET:hallam@verisign.com
REV:20010214T163732Z
END:VCARD
------_=_NextPart_000_01C1364D.A7471600--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85KYT006310 for ietf-pkix-bks; Wed, 5 Sep 2001 13:34:29 -0700 (PDT)
Received: from bach.digsigtrust.com (host65-54.digsigtrust.com [208.30.65.54]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85KYRD06306 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 13:34:27 -0700 (PDT)
Received: from smtp.digsigtrust.com by smtp1.digsigtrust.com with ESMTP id f85KYOu02145; Wed, 5 Sep 2001 14:34:24 -0600 (MDT)
Received: from cc474623a (cc474623-a.abdn1.md.home.com [24.18.83.123]) by smtp.digsigtrust.com with SMTP id f85KY0x07615; Wed, 5 Sep 2001 14:34:00 -0600 (MDT)
Reply-To: <yuriy@trustdst.com>
From: "Yuriy Dzambasow" <yuriy@trustdst.com>
To: "Al Arsenault" <awa1@home.com>, "Steve Hanna" <steve.hanna@sun.com>
Cc: "Stephen Kent" <kent@bbn.com>, <ietf-pkix@imc.org>
Subject: RE: charter revisions
Date: Wed, 5 Sep 2001 16:31:23 -0400
Message-ID: <JEEPKOOLEPLIDOKNKEFMGEBACBAA.yuriy@trustdst.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MIMEOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Importance: Normal
In-reply-to: <NEBBIHJIPKPIBNEBEMDLOELEOPAA.awa1@home.com>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
I too agree that logotypes can help foster deployment of certificates to the
broader consumer community. Consider how merchants use the Visa, MC, and
AMEX logos to denote which credit cards they accept. Consumers then look
into their wallets and pull out the appropriate credit card (using the logo
as an identifier) based on what the merchant will accept. Of course, the
merchant still processes the credit card to ensure it is still valid, and
does not solely rely on the logo on the card. The same approach can be
taken with consumers trying to gain access to services at merchant web
sites. Therefore, I think it would be helpful to define a standard way of
representing logos in certificates.
Yuriy
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]On
Behalf Of Al Arsenault
Sent: Thursday, August 30, 2001 4:43 PM
To: Steve Hanna
Cc: Stephen Kent; ietf-pkix@imc.org
Subject: RE: charter revisions
I agree with Russ here. The issues involved with logos, while difficult,
are not insurmountable. They do serve a useful purpose in some
environments, and a standard way of including them will be much better than
letting every CA invents its own.
I believe that the logo work should be in the PKIX charter.
Al Arsenault
Chief Security Architect
Diversinet
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org
[mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Housley, Russ
Sent: Thursday, August 30, 2001 1:33 PM
To: Steve Hanna
Cc: Stephen Kent; ietf-pkix@imc.org
Subject: Re: charter revisions
Steve Hanna:
>I haven't seen any comments on the revised charter yet. Most of it looks
>good to me. However, I don't think PKIX should do any work on the
>logotype extension. I know that there is a demand for this from
>marketing folks, but I don't believe that we should standardize it
>unless it can be used securely. This does not seem possible.
You and I agree on most things, but we have a major disagreement here. I
do not think that we will see widespread deployment of certificates without
logos. One measure of success will be the number of certificates that
average Internet user have. Hopefully every Internet user will have at
least one. I suspect that as we become successful, these logos will be the
tag by which users select a certificate.
I do not want to see more than one way that logos can be put into
certificates. That is the most important reason for PKIX to be involved in
the definition. You seem to agree that the market has a demand for
logos. Letting each vendor devise an independent way to meet this
marketing requirement would be very bad for all implementors.
You seem to be concerned with the security of logos. I am not. From my
perspective, we are asking CAs to do many things that are harder than
including a URL and hash of a the appropriate logo. In many, many cases,
this will be the same logo in every certificate that is issued by that CA.
Anyway, we should not have the complete technical debate on a threat about
the charter. I strongly encourage the PKIX working group to include this
area in the charter sent forward to the Area Directors for approval. Once
the revised charter is approved, we can have the technical debate and sort
out the details.
Russ
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85KMt606045 for ietf-pkix-bks; Wed, 5 Sep 2001 13:22:55 -0700 (PDT)
Received: from [165.227.249.20] (ip20.proper.com [165.227.249.20]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85KMrD06038 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 13:22:53 -0700 (PDT)
Mime-Version: 1.0
X-Sender: phoffman@mail.imc.org
Message-Id: <p05100343b7bc35f38a13@[165.227.249.20]>
In-Reply-To: <3B96343F.5BD5C3CF@sun.com>
References: <p0501040bb7a8214adf35@[128.33.84.34]> <5.0.1.4.2.20010830132055.02c12600@exna07.securitydynamics.com> <3B94FA41.47317BB8@sun.com> <p05100327b7baf1ca610b@[165.227.249.20]> <3B96343F.5BD5C3CF@sun.com>
Date: Wed, 5 Sep 2001 13:16:46 -0700
To: ietf-pkix@imc.org
From: Paul Hoffman / IMC <phoffman@imc.org>
Subject: Re: charter revisions
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
At 10:18 AM -0400 9/5/01, Steve Hanna wrote:
>Paul Hoffman / IMC wrote:
>> At 11:58 AM -0400 9/4/01, Steve Hanna wrote:
>> >Unless the author of the Internet Draft indicates otherwise, I will
>> >assume that the primary purpose of putting logotypes in certificates
>> >is so that users can view them to make decisions about whether the
>> >certificates are trustworthy. In that case, the risks are much greater
> > >than those for the use case you described.
>>
>> Are the risks any greater than what we have in 2459 now with spelling
>> errors or things like "FooCA type 1 certificate" vs. "FooCA type 2
>> certificate"? I agree with Russ that the benefits are higher, but I'm
>> not at all convinced that the risks are higher.
>
>Yes, the risks are greater than those encountered with textual names.
>For one thing, name constraints provide an effective way to limit the
>portion of the name space that can be reached via a cross certificate.
>No corresponding mechanism has been suggested for logotypes nor does it
>seem likely that such a mechanism could be developed.
I don't think that name constraints works well against spelling
errors or the kinds of names I specified above. I agree that it will
probably be impossible to constrain logotypes any more than it is to
constrain the value within CN.
>My original email cited several other security risks that are greater
>for logotypes than for textual names: CAs may find it harder to verify a
>certificate requester's right to use a logotype than their right to use
>a textual name
That is not a security risk, and it is a supposition.
> and logotypes may change appearance radically on
>different devices.
More radically than the way a UTF-8 name with non-ASCII characters
will be displayed?
> Several other risks have been pointed out in the
>recent email discussion: users may not be able to distinguish one
>logotype from another,
Ditto for names ("Type 1" vs. "Type 3", similar-looking glyphs in
various fonts)
> users may not recall which logotype corresponds
>to which entity,
Ditto for names
> and logotypes are not accessible to vision-impaired
>users or usable on text-only terminals.
This is indeed an issue.
>The whole paragraph should be considered predicated by the first clause
>("Unless..."). If that clause does not apply (i.e., we can develop a
>fairly secure way to place logotypes in certificates), then I don't have
>any objection to having this as a PKIX work item. But I have seen no
>sign that the objections raised so far can be overcome.
Then that should come up when discussing the protocols, not the charter.
>RFC 2418 (BCP 25) says that "IETF developed technologies should not add
>insecurity to the environment in which they run." The IESG has enforced
>this in the past and it seems especially pertinent to a working group in
>the Security Area. I doubt that the IESG or the Security ADs will accept
>this work item in our charter unless we can argue convincingly that we
>can develop something that would not add insecurity to the environment
>in which it is run. I don't think we're there yet.
Trying to predict what the IESG will do is just plain silly (even
individual IESG members are bad at this).
--Paul Hoffman, Director
--Internet Mail Consortium
Received: by above.proper.com (8.11.6/8.11.3) id f85K2AN05408 for ietf-pkix-bks; Wed, 5 Sep 2001 13:02:10 -0700 (PDT)
Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85K28D05404 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 13:02:08 -0700 (PDT)
Received: from INET-PRV-MTA by prv-mail20.provo.novell.com with Novell_GroupWise; Wed, 05 Sep 2001 14:02:07 -0600
Message-Id: <sb96305f.048@prv-mail20.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 6.0
Date: Wed, 05 Sep 2001 14:04:27 -0600
From: "Bob Jueneman" <bjueneman@novell.com>
To: <steve.hanna@sun.com>
Cc: <ietf-pkix@imc.org>, <pbaker@verisign.com>
Subject: Re: charter revisions
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-7
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id f85K29D05405
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
>Bob Jueneman wrote:
>> I wasn't suggesting that logos should be restricted to end-entities,
>> I was only pointing out that such a restriction would immediately
>> make the issue of name subordination and misuse of the logo by some
>> intermediate CA go away.
>
>This isn't true. Name constraints allow me to cross certify IBM's CA but
>indicate that the only DNs it is trusted to certify are those that begin
>with "c=us, o=IBM". Even if logos are restricted to end-entities,
>there's nothing stopping IBM's CA from placing a Sun logo in an
>end-entity certificate. So restricting logos to end-entities doesn't
>"make the issue of name subordination and misuse of the logo by some
>intermediate CA go away."
Sorry, Steve, you are quite correct in that sense. I guess I wasn't thinking about corporate logos tied to organizational persons as much as I was thinking about brand identification, where the brand isn't owned by the superior CA in any case, any more than VeriSign owns c=us, o=Sun. In any case, name subordination is a very limited mechanism, that solves a problem that basically doesn't exist. How many subordinate CAs can you point to that aren't owned and controlled by the parent CA? And how many browsers or other client software correctly implement the constraint? And how do you apply a name subordination constraint to a DNS name for SSL ¯ restrict it to entities registered under .com?
As Phillip points out, if you are going to cross-certify a CA that would violate a trademarked logo, you probably have even worse problems, particularly since such a case would provide the kind of iron-clad, smoking gun type of evidence that an attorney would love to have.
But if we were really and truly concerned about this issue, I believe that other alternatives could be created, for example (just off the top of my head), by somehow embedding the logo URL within a policy OID that could be subject to a policy constraint, or by inventing some entirely new mechanism. We could pile on attribute certificates and/or lots of other baggage that would provide a firm, technically sound foundation for proving that someone was duly authorized to do this, that, or the other function, including displaying a logo in his certificate, but that just negates the assumption we were making about the CA being trustworthy in the first place.
>Apparently, you haven't read the draft that serves as the basis for this
>discussion, draft-ietf-pkix-logotypes-00.txt. The suggested format is a
>message digest and a URL.
Yes, I had. I was merely echoing, or perhaps re-echoing, support for that idea, particularly after Peter Gutman had mentioned the old MPEG of a cat included within a certificate.
In any case, I believe that the merits of charter discussion have been adequately addressed, even though we may not have unanimity, and may not have even changed anyone's mind.
I move that we call the question, and let the chairs decide.
Bob
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85JCUm04137 for ietf-pkix-bks; Wed, 5 Sep 2001 12:12:30 -0700 (PDT)
Received: from eagle.verisign.com (eagle.verisign.com [208.206.241.105]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85JCSD04130 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 12:12:28 -0700 (PDT)
Received: from postal-gw1.verisign.com (verisign.com [63.104.27.101]) by eagle.verisign.com (8.9.3/BCH1.7.1) with ESMTP id MAA25125; Wed, 5 Sep 2001 12:15:46 -0700 (PDT)
Received: by postal-gw.verisign.com with Internet Mail Service (5.5.2654.89) id <R5Q8CXKN>; Wed, 5 Sep 2001 12:12:30 -0700
Message-ID: <C713C1768C55D3119D200090277AEECA023447AE@postal.verisign.com>
From: "Flynn, Michael" <MFlynn@verisign.com>
To: "'Ryan Hurst'" <ryanh@valicert.com>, "Flynn, Michael" <MFlynn@verisign.com>, IETF-PKIX <ietf-pkix@imc.org>
Subject: RE: Removing expired certificates from CRLs.....
Date: Wed, 5 Sep 2001 12:12:26 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2654.89)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1363E.B3650960"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C1363E.B3650960
Content-Type: text/plain;
charset="iso-8859-1"
Ryan,
You wrote, "However CRL validity windows commonly overlap; so determining
how would some one know (without CRLNumbers which most CAs do not include
yet) if they had them all?"
That is a good point.
Michael
-----Original Message-----
From: Ryan Hurst [mailto:ryanh@valicert.com]
Sent: Wednesday, September 05, 2001 12:02 PM
To: 'Flynn, Michael'; Ryan Hurst; IETF-PKIX
Subject: RE: Removing expired certificates from CRLs.....
Michael -
In regards to storing all generated CRLs for n period of time to
address the non-repudiation issues; yes this would deal with the problem.
However CRL validity windows commonly overlap; so determining how would some
one know (without CRLNumbers which most CAs do not include yet) if they had
them all? Additionally the process of looking at ALL CRLs and determining
which one is the "most recent" match would be an expensive one.
For these reasons it would be "nice" if CRLs were only used by servers and
contained all revoked certificates; but this means that clients would not
want to use CRLs due to the expense associated with acquiring the recent
CRL.
I believe the overall goal of CRLs was not to deal with NR, but to instead
have a simple mechanism to distribute bulk "current" revocation information
to the broadest set of clients. For this reason; I think its best to remove
the expired certificates and deal with NR through another mechanism,
probably service based.
After reading every ones posts on this topic, I guess I do not think we
should mandate the removal of the entries; we may wish recommend this be
done though. This of coarse is a mute point due to the last-call already
taking place ;)
Ryan
-----Original Message-----
From: Flynn, Michael [mailto:MFlynn@verisign.com]
Sent: Wednesday, September 05, 2001 10:03 AM
To: 'Ryan Hurst'; IETF-PKIX
Subject: RE: Removing expired certificates from CRLs.....
Ryan,
Ryan wrote::
Now logically it makes sense to remove certificates that are expired from
CRLs to control size, yes this has a negative point specifically it prevents
CRLs from being used as a non-repudiation source; but this is mute due to
many other issues.
At least regarding removing expired certs from CRLs, I would think that
non-repudiation can be satisfied by keeping the old CRLs in back up storage
for some length of time. That time being how far back in time a contract
dispute might go; ten years, twenty? So long as you could get them off
tape for the lawyers to look at the legal process would be satisfied, they
don't need to be online forever.
Michael
-----Original Message-----
From: Ryan Hurst [mailto:ryanh@valicert.com]
Sent: Tuesday, September 04, 2001 8:50 PM
To: IETF-PKIX
Subject: Removing expired certificates from CRLs.....
I was speaking with Peter Williams today about the removal of expired
certificates from CRLs; I have always been under the belief that this
behavior was optional, I vaguely remembered reading text in 2459 along those
lines; additionally I know of several commercial CAs that do not remove the
expired certificates from their CRLs. Peter on the other hand was under the
impression that it was a mandate to remove CRLs; he too remembered reading
text in 2459 to support is position.
So we each pulled out the RFC and found that we were both right!
Specifically both sections 3.3 and 8.6.2.2 have text on this subject:
3.3 Revocation
When a certificate is issued, it is expected to be in use for its entire
validity period. However, various circumstances may cause a certificate to
become invalid prior to the expiration of the validity period.
....
An entry is added to the CRL as part of the next update following
notification of revocation. An entry may be removed from the CRL after
appearing on one regularly scheduled CRL issued beyond the revoked
certificate's validity period.
8.6.2.2 Issuing distribution point extension
This CRL extension field identifies the CRL distribution point for this
particular CRL, and indicates if the CRL is limited to revocations for
end-entity certificates only, for authority certificates only, or for a
limited set of reasons only. The CRL is signed by the CRL issuer's key- CRL
distribution points do not have their own key pairs. However, for a CRL
distributed via the Directory, the CRL is stored in the entry of the CRL
distribution point, which may not be the directory entry of the CRL issuer.
If this field is absent, the CRL shall contain entries for all revoked
unexpired certificates issued by the CRL issuer.
....
The distributionPoint component contains the name of the distribution point
in one or more name forms. If this field is absent, the CRL shall contain
entries for all revoked certificates issued by the CRL issuer. After a
certificate appears on a CRL, it is deleted from a subsequent CRL after the
certificate's expiry.
Although section 8.6.2.2 is specifically in regards to CRLdps, any
difference between full CRLs and CRLdps in this case I feel would be an
arbitrary one.
Now logically it makes sense to remove certificates that are expired from
CRLs to control size, yes this has a negative point specifically it prevents
CRLs from being used as a non-repudiation source; but this is mute due to
many other issues.
That being the case I think; and I believe Peter would agree the correct
thing to do is to remove these expired/revoked entries from the CRL.
The question now is what is the PKIX stance on this matter?
Ryan M. Hurst
ValiCert, Inc.
"It may roundly be asserted that human ingenuity cannot concoct a cipher
which human ingenuity cannot resolve."
-Edgar Allan Poe
------_=_NextPart_001_01C1363E.B3650960
Content-Type: text/html;
charset="iso-8859-1"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word" xmlns:st1 =
"urn:schemas-microsoft-com:office:smarttags"><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META content=Word.Document name=ProgId>
<META content="MSHTML 5.50.4616.200" name=GENERATOR>
<META content="Microsoft Word 10" name=Originator><LINK
href="cid:filelist.xml@01C13603.66FB6DC0" rel=File-List><o:SmartTagType
name="PersonName"
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><o:SmartTagType
name="time"
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><o:SmartTagType
name="date"
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:GrammarState>Clean</w:GrammarState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:UseFELayout/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if !mso]>
<STYLE>
st1\:*{behavior:url(#default#ieooui) }
</STYLE>
<![endif]-->
<STYLE>
<!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;
mso-font-alt:\5B8B\4F53;
mso-font-charset:134;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 135135232 16 0 262145 0;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:553679495 -2147483648 8 0 66047 0;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;
mso-font-charset:134;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 135135232 16 0 262145 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:SimSun;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;
text-underline:single;}
span.EmailStyle17
{mso-style-type:personal;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:navy;}
span.SpellE
{mso-style-name:"";
mso-spl-e:yes;}
span.GramE
{mso-style-name:"";
mso-gram-e:yes;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-->
</STYLE>
<!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]--></HEAD>
<BODY lang=EN-US style="tab-interval: .5in" vLink=purple link=blue>
<DIV><FONT face=Arial><FONT color=#000080><FONT size=2><SPAN
class=226091019-05092001>Ryan,</SPAN></FONT></FONT></FONT></DIV>
<DIV><SPAN class=226091019-05092001></SPAN><FONT face=Arial><FONT
color=#000080><FONT size=2><SPAN class=226091019-05092001>You wrote,
"</SPAN>However CRL validity windows commonly overlap; so determining how would
some one know (without CRLNumbers which most CAs do not include yet) if they had
them all?<SPAN class=226091019-05092001>"</SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2></FONT> </DIV>
<DIV><SPAN class=226091019-05092001><FONT face=Arial color=#000080 size=2>That
is a good point.</FONT></SPAN></DIV>
<DIV><SPAN class=226091019-05092001><FONT face=Arial color=#000080
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=226091019-05092001><FONT face=Arial color=#000080
size=2>Michael</FONT></SPAN></DIV>
<DIV><SPAN class=226091019-05092001></SPAN> </DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Ryan Hurst
[mailto:ryanh@valicert.com]<BR><B>Sent:</B> Wednesday, September 05, 2001
12:02 PM<BR><B>To:</B> 'Flynn, Michael'; Ryan Hurst;
IETF-PKIX<BR><B>Subject:</B> RE: Removing expired certificates from
CRLs.....<BR><BR></FONT></DIV>
<DIV class=Section1>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Michael
-<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><SPAN
style="mso-tab-count: 1">
</SPAN>In regards to storing all generated CRLs for <I
style="mso-bidi-font-style: normal"><SPAN
style="FONT-STYLE: italic; mso-bidi-font-style: normal">n </SPAN></I>period of
time to address the non-repudiation issues; yes this would deal with the
problem. However CRL validity windows commonly overlap; so determining how
would some one know (without CRLNumbers which most CAs do not include yet) if
they had them all? Additionally the process of looking at ALL CRLs and
determining which one is the "most recent" match would be an expensive
one.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">For these reasons it
would be "nice" if CRLs were only used by servers and contained all revoked
certificates; but this means that clients would not want to use CRLs due to
the expense associated with acquiring the recent
CRL.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">I believe the overall
goal of CRLs was not to deal with NR, but to instead have a simple mechanism
to distribute bulk "current" revocation information to the broadest set of
clients. For this reason; I think its best to remove the expired certificates
and deal with NR through another mechanism, probably service
based.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">After reading every
ones posts on this topic, I guess I do not think we should mandate the removal
of the entries; we may wish recommend this be done though. This of coarse is a
mute point due to the last-call already taking place
;)<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Ryan<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Tahoma size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">-----Original
Message-----<BR><B><SPAN style="FONT-WEIGHT: bold">From:</SPAN></B> Flynn,
Michael [mailto:MFlynn@verisign.com] <BR><B><SPAN
style="FONT-WEIGHT: bold">Sent:</SPAN></B> </SPAN></FONT><st1:date Year="2001"
Day="5" Month="9"><FONT face=Tahoma size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">Wednesday, September 05,
2001</SPAN></FONT></st1:date><FONT face=Tahoma size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"> </SPAN></FONT><st1:time
Minute="3" Hour="10"><FONT face=Tahoma size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">10:03
AM</SPAN></FONT></st1:time><FONT face=Tahoma size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"><BR><B><SPAN
style="FONT-WEIGHT: bold">To:</SPAN></B> 'Ryan Hurst'; IETF-PKIX<BR><B><SPAN
style="FONT-WEIGHT: bold">Subject:</SPAN></B> RE: Removing expired
certificates from CRLs.....</SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face="Times New Roman"
size=3><SPAN style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></P>
<DIV>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face="Courier New"
size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">Ryan,</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face="Times New Roman"
size=3><SPAN style="FONT-SIZE: 12pt"> <o:p></o:p></SPAN></FONT></P></DIV>
<DIV>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face="Courier New"
size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">Ryan
wrote::<o:p></o:p></SPAN></FONT></P></DIV>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Now logically it makes sense to
remove certificates that are expired from CRLs to control size, yes this has a
negative point specifically it prevents CRLs from being used as a
non-repudiation source; but this is mute due to many other
issues.</SPAN></FONT><o:p></o:p></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face="Times New Roman"
size=3><SPAN style="FONT-SIZE: 12pt"> <o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">At least regarding removing
expired certs from CRLs, I would think that non-repudiation can be satisfied
by keeping the old CRLs in back up storage for some length of time. That time
being how far back in time a contract dispute might go; ten years, twenty?
So long as you could get them off tape for the lawyers to look at
the legal process would be satisfied, they don't need to be online
forever. <o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face="Times New Roman"
size=3><SPAN style="FONT-SIZE: 12pt"> </SPAN></FONT><FONT face=Arial
size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Michael<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face="Times New Roman"
size=3><SPAN style="FONT-SIZE: 12pt"> </SPAN></FONT><FONT face=Arial
size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p></o:p></SPAN></FONT></P>
<BLOCKQUOTE
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: medium none; PADDING-LEFT: 4pt; PADDING-BOTTOM: 0in; MARGIN: 5pt 0in 5pt 3.75pt; BORDER-LEFT: black 1.5pt solid; PADDING-TOP: 0in; BORDER-BOTTOM: medium none">
<P class=MsoNormal
style="MARGIN-BOTTOM: 12pt; MARGIN-LEFT: 0.5in; MARGIN-RIGHT: 0in; mso-margin-top-alt: 0in"><FONT
face=Tahoma size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">-----Original
Message-----<BR><B><SPAN style="FONT-WEIGHT: bold">From:</SPAN></B> Ryan
Hurst [mailto:ryanh@valicert.com]<BR><B><SPAN
style="FONT-WEIGHT: bold">Sent:</SPAN></B> Tuesday, September 04, 2001 8:50
PM<BR><B><SPAN style="FONT-WEIGHT: bold">To:</SPAN></B>
IETF-PKIX<BR><B><SPAN style="FONT-WEIGHT: bold">Subject:</SPAN></B> Removing
expired certificates from CRLs.....</SPAN></FONT><o:p></o:p></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I was speaking with
</SPAN></FONT><st1:PersonName><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Peter
Williams</SPAN></FONT></st1:PersonName><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> today about the removal of
expired certificates from CRLs; I have always been under the belief that
this behavior was optional, I vaguely remembered reading text in 2459 along
those lines; additionally I know of several commercial CAs that do not
remove the expired certificates from their CRLs. Peter on the other hand was
under the impression that it was a mandate to remove CRLs; he too remembered
reading text in 2459 to support is position.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">So we each pulled out the RFC
and found that we were both right! Specifically both sections 3.3 and
8.6.2.2 have text on this subject:<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal
style="MARGIN-LEFT: 0.5in; tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt; mso-layout-grid-align: none"><B
style="mso-bidi-font-weight: normal"><FONT face=Arial size=2><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: Arial; mso-bidi-font-weight: normal">3.3<SPAN
style="mso-spacerun: yes">
</SPAN>Revocation<o:p></o:p></SPAN></FONT></B></P>
<P class=MsoNormal
style="MARGIN-LEFT: 0.5in; tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt; mso-layout-grid-align: none"><FONT
face=Arial size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">When a
certificate is issued, it is expected to be in use for its entire validity
period.<SPAN style="mso-spacerun: yes"> </SPAN>However, various
circumstances may cause a certificate to become invalid prior to the
expiration of the validity period.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal
style="MARGIN-LEFT: 0.5in; tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt; mso-layout-grid-align: none"><FONT
face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal
style="MARGIN-LEFT: 0.5in; mso-layout-grid-align: none"><FONT face=Arial
size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">....<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal
style="MARGIN-LEFT: 0.5in; mso-layout-grid-align: none"><FONT face=Arial
size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal
style="MARGIN-LEFT: 0.5in; tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt; mso-layout-grid-align: none"><FONT
face=Arial size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">An entry
is added to the CRL as part of the next update following notification of
revocation. <B><I><SPAN style="FONT-WEIGHT: bold; FONT-STYLE: italic">An
entry may be removed from the CRL after appearing on one regularly scheduled
CRL issued beyond the revoked certificate's validity
period.</SPAN></I></B><o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal
style="MARGIN-LEFT: 0.5in; mso-layout-grid-align: none"><B><FONT face=Arial
size=2><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: Arial">8.6.2.2
Issuing distribution point extension<o:p></o:p></SPAN></FONT></B></P>
<P class=MsoNormal
style="MARGIN-LEFT: 0.5in; mso-layout-grid-align: none"><FONT face=Arial
size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">This CRL extension
field identifies the CRL distribution point for this particular CRL, and
indicates if the CRL is limited to revocations for end-entity certificates
only, for authority certificates only, or for a limited set of reasons only.
The CRL is signed by the CRL issuer's key- CRL distribution points do not
have their own key pairs. However, for a CRL distributed via the Directory,
the CRL is stored in the entry of the CRL distribution point, which may not
be the directory entry of the CRL issuer.<I><SPAN
style="FONT-STYLE: italic"> <B><SPAN style="FONT-WEIGHT: bold">If this field
is absent, the CRL shall contain entries for all revoked unexpired
certificates issued by the CRL
issuer.</SPAN></B><o:p></o:p></SPAN></I></SPAN></FONT></P>
<P class=MsoNormal
style="MARGIN-LEFT: 0.5in; mso-layout-grid-align: none"><I><FONT face=Arial
size=2><SPAN
style="FONT-SIZE: 10pt; FONT-STYLE: italic; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></I></P>
<P class=MsoNormal
style="MARGIN-LEFT: 0.5in; mso-layout-grid-align: none"><FONT face=Arial
size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">....<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal
style="MARGIN-LEFT: 0.5in; mso-layout-grid-align: none"><FONT face=Arial
color=blue size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal
style="MARGIN-LEFT: 0.5in; mso-layout-grid-align: none"><FONT face=Arial
size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">The
</SPAN></FONT><B><FONT face=Arial size=1><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 9pt; FONT-FAMILY: Arial">distributionPoint
</SPAN></FONT></B><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">component contains the name of
the distribution point in one or more name forms. If this field is absent,
the CRL shall contain entries for all revoked certificates issued by the CRL
issuer. <B><I><SPAN style="FONT-WEIGHT: bold; FONT-STYLE: italic">After a
certificate appears on a CRL, it is deleted from a subsequent CRL after the
certificate's expiry.<o:p></o:p></SPAN></I></B></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Although section 8.6.2.2 is
specifically in regards to CRLdps, any difference between full CRLs and
CRLdps in this case I feel would be an arbitrary one.
<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Now logically it makes sense to
remove certificates that are expired from CRLs to control size, yes this has
a negative point specifically it prevents CRLs from being used as a
non-repudiation source; but this is mute due to many other
issues.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">That being the case I think; and
I believe Peter would agree the correct thing to do is to remove these
expired/revoked entries from the CRL. <o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">The question now is what is the
PKIX stance on this matter?<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Ryan M.
Hurst<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">ValiCert,
Inc.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<BLOCKQUOTE style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt">
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><I><FONT
face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt; FONT-STYLE: italic; mso-no-proof: yes">"It may
roundly be asserted that human ingenuity cannot concoct a cipher which
human ingenuity cannot resolve."</SPAN></FONT></I><SPAN
style="mso-no-proof: yes"><o:p></o:p></SPAN></P></BLOCKQUOTE>
<BLOCKQUOTE style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt">
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face="Times New Roman"
size=3><SPAN style="FONT-SIZE: 12pt; mso-no-proof: yes">-Edgar Allan
Poe</SPAN><o:p></o:p></FONT></P></BLOCKQUOTE>
<P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face="Times New Roman"
size=3><SPAN
style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></P></BLOCKQUOTE></DIV></BLOCKQUOTE></BODY></HTML>
------_=_NextPart_001_01C1363E.B3650960--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85JBZK04045 for ietf-pkix-bks; Wed, 5 Sep 2001 12:11:35 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85JBWD04041 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 12:11:32 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJ700601EOFYG@ext-mail.valicert.com> for ietf-pkix@imc.org; Wed, 5 Sep 2001 12:12:15 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJ7006O2EOF1U@ext-mail.valicert.com>; Wed, 05 Sep 2001 12:12:15 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <QP4KV0JM>; Wed, 05 Sep 2001 12:05:11 -0700
Content-return: allowed
Date: Wed, 05 Sep 2001 12:05:10 -0700
From: Ryan Hurst <ryanh@valicert.com>
Subject: RE: Removing expired certificates from CRLs.....
To: "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'Flynn, Michael'" <MFlynn@verisign.com>, Ryan Hurst <ryanh@valicert.com>, IETF-PKIX <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE224@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: multipart/alternative; boundary="Boundary_(ID_xLkhTDD4+HYrWByFtJbT+w)"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
--Boundary_(ID_xLkhTDD4+HYrWByFtJbT+w)
Content-type: text/plain
Thanks Sharon -
I guess both documents are consistent now; I must have had an
older copy of X509. Sorry for any confusion I caused; and thanks for the
great participation in the discussion ;)
Ryan
-----Original Message-----
From: Sharon Boeyen [mailto:sharon.boeyen@entrust.com]
Sent: Wednesday, September 05, 2001 10:36 AM
To: 'Flynn, Michael'; 'Ryan Hurst'; IETF-PKIX
Subject: RE: Removing expired certificates from CRLs.....
I suspect some of the PKIX text was never updated to reflect the successful
ballot on the X.509 defect report that fixed this in the base X.509 text.
The approved TC for the defect (DR 204) corrected this problem by making the
following changes to X.509 (97).
Clause 12.6.3.1
In the first sentence following the ASN.1, delete "unexpired"
Add the following as a new second sentence in the first paragraph following
the ASN.1
"After a certificate appears on a CRL, it may be deleted from a subsequent
CRL after the certificate's expiry."
Cheers,
Sharon
-----Original Message-----
From: Flynn, Michael [mailto:MFlynn@verisign.com]
Sent: Wednesday, September 05, 2001 1:03 PM
To: 'Ryan Hurst'; IETF-PKIX
Subject: RE: Removing expired certificates from CRLs.....
Ryan,
Ryan wrote::
Now logically it makes sense to remove certificates that are expired from
CRLs to control size, yes this has a negative point specifically it prevents
CRLs from being used as a non-repudiation source; but this is mute due to
many other issues.
At least regarding removing expired certs from CRLs, I would think that
non-repudiation can be satisfied by keeping the old CRLs in back up storage
for some length of time. That time being how far back in time a contract
dispute might go; ten years, twenty? So long as you could get them off
tape for the lawyers to look at the legal process would be satisfied, they
don't need to be online forever.
Michael
-----Original Message-----
From: Ryan Hurst [mailto:ryanh@valicert.com]
Sent: Tuesday, September 04, 2001 8:50 PM
To: IETF-PKIX
Subject: Removing expired certificates from CRLs.....
I was speaking with Peter Williams today about the removal of expired
certificates from CRLs; I have always been under the belief that this
behavior was optional, I vaguely remembered reading text in 2459 along those
lines; additionally I know of several commercial CAs that do not remove the
expired certificates from their CRLs. Peter on the other hand was under the
impression that it was a mandate to remove CRLs; he too remembered reading
text in 2459 to support is position.
So we each pulled out the RFC and found that we were both right!
Specifically both sections 3.3 and 8.6.2.2 have text on this subject:
3.3 Revocation
When a certificate is issued, it is expected to be in use for its entire
validity period. However, various circumstances may cause a certificate to
become invalid prior to the expiration of the validity period.
....
An entry is added to the CRL as part of the next update following
notification of revocation. An entry may be removed from the CRL after
appearing on one regularly scheduled CRL issued beyond the revoked
certificate's validity period.
8.6.2.2 Issuing distribution point extension
This CRL extension field identifies the CRL distribution point for this
particular CRL, and indicates if the CRL is limited to revocations for
end-entity certificates only, for authority certificates only, or for a
limited set of reasons only. The CRL is signed by the CRL issuer's key- CRL
distribution points do not have their own key pairs. However, for a CRL
distributed via the Directory, the CRL is stored in the entry of the CRL
distribution point, which may not be the directory entry of the CRL issuer.
If this field is absent, the CRL shall contain entries for all revoked
unexpired certificates issued by the CRL issuer.
....
The distributionPoint component contains the name of the distribution point
in one or more name forms. If this field is absent, the CRL shall contain
entries for all revoked certificates issued by the CRL issuer. After a
certificate appears on a CRL, it is deleted from a subsequent CRL after the
certificate's expiry.
Although section 8.6.2.2 is specifically in regards to CRLdps, any
difference between full CRLs and CRLdps in this case I feel would be an
arbitrary one.
Now logically it makes sense to remove certificates that are expired from
CRLs to control size, yes this has a negative point specifically it prevents
CRLs from being used as a non-repudiation source; but this is mute due to
many other issues.
That being the case I think; and I believe Peter would agree the correct
thing to do is to remove these expired/revoked entries from the CRL.
The question now is what is the PKIX stance on this matter?
Ryan M. Hurst
ValiCert, Inc.
"It may roundly be asserted that human ingenuity cannot concoct a cipher
which human ingenuity cannot resolve."
-Edgar Allan Poe
--Boundary_(ID_xLkhTDD4+HYrWByFtJbT+w)
Content-type: text/html
Content-transfer-encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<meta name=3DProgId content=3DWord.Document>
<meta name=3DGenerator content=3D"Microsoft Word 10">
<meta name=3DOriginator content=3D"Microsoft Word 10">
<link rel=3DFile-List href=3D"cid:filelist.xml@01C13603.D43EECE0">
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"City"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"place"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"PersonName"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"time"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"date"/>
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:UseFELayout/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;
mso-font-alt:\5B8B\4F53;
mso-font-charset:134;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 135135232 16 0 262145 0;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:553679495 -2147483648 8 0 66047 0;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;
mso-font-charset:134;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 135135232 16 0 262145 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:SimSun;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;
text-underline:single;}
span.EmailStyle17
{mso-style-type:personal;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
/* Style Definitions */=20
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]-->
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple =
style=3D'tab-interval:.5in'>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Thanks =
</span></font><st1:City><st1:place><font
size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;
color:navy'>Sharon</span></font></st1:place></st1:City><font size=3D2
color=3Dnavy face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;
color:navy'> -<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><span =
style=3D'mso-tab-count:1'> &nbs=
p; </span>I
guess both documents are consistent now; I must have had an older copy =
of X509.
Sorry for any confusion I caused; and thanks for the great =
participation in the
discussion ;)<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Ryan<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original =
Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b> Sharon Boeyen
[mailto:sharon.boeyen@entrust.com] <br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> =
</span></font><st1:date
Month=3D"9" Day=3D"5" Year=3D"2001"><font size=3D2 face=3DTahoma><span =
style=3D'font-size:
10.0pt;font-family:Tahoma'>Wednesday, September 05, =
2001</span></font></st1:date><font
size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;font-family:Tahoma'> </span></font><st1:time
Hour=3D"10" Minute=3D"36"><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma'>10:36 AM</span></font></st1:time><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'><br>
<b><span style=3D'font-weight:bold'>To:</span></b> 'Flynn, Michael'; =
'Ryan
Hurst'; IETF-PKIX<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> RE: Removing =
expired
certificates from CRLs.....</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'><o:p> </o:p></span></font></p>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
color=3Dblue face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:blue'>I suspect some =
of the
PKIX text was never updated to reflect the successful ballot on =
the X.509
defect report that fixed this in the base X.509 text. The approved TC =
for the
defect (DR 204) corrected this problem by making the following changes =
to X.509
(97).</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<p class=3DMsoNormal style=3D'margin-left:36.55pt'><b =
style=3D'mso-bidi-font-weight:
normal'><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt;
font-weight:bold;mso-bidi-font-weight:normal'>Clause =
12.6.3.1<o:p></o:p></span></font></b></p>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><i =
style=3D'mso-bidi-font-style:
normal'><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt;
font-style:italic;mso-bidi-font-style:normal'>In the first sentence =
following
the ASN.1, delete "unexpired"<o:p></o:p></span></font></i></p>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><i =
style=3D'mso-bidi-font-style:
normal'><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt;
font-style:italic;mso-bidi-font-style:normal'> <o:p></o:p></span></=
font></i></p>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><i =
style=3D'mso-bidi-font-style:
normal'><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt;
font-style:italic;mso-bidi-font-style:normal'>Add the following as a =
new second
sentence in the first paragraph following the =
ASN.1<o:p></o:p></span></font></i></p>
<p class=3DMsoNormal style=3D'margin-left:1.0in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3D"Times New Roman"><span
style=3D'font-size:10.0pt'>"After a certificate appears on a CRL, it =
may be
deleted from a subsequent CRL after the certificate's =
expiry."<o:p></o:p></span></font></p>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
color=3Dblue
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt;color:blue'>Cheers,</span></font><o:p></o:p></=
p>
</div>
<div>
<p class=3DMsoNormal =
style=3D'margin-left:.5in'><st1:City><st1:place><font size=3D3
color=3Dblue face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt;color:blue'>Sharon</span></font></st1:place></=
st1:City><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
color=3Dblue
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt;color:blue'> </span></font><o:p></o:p></p=
>
</div>
<blockquote style=3D'border:none;border-left:solid blue =
1.5pt;padding:0in 0in 0in 4.0pt;
margin-left:3.75pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt=
'>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:
12.0pt;margin-left:.5in'><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma'>-----Original Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b> Flynn, Michael
[mailto:MFlynn@verisign.com]<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> =
</span></font><st1:date
Month=3D"9" Day=3D"5" Year=3D"2001"><font size=3D2 face=3DTahoma><span =
style=3D'font-size:
10.0pt;font-family:Tahoma'>Wednesday, September 05, =
2001</span></font></st1:date><font
size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;font-family:Tahoma'> </span></font><st1:time
Hour=3D"13" Minute=3D"3"><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma'>1:03 PM</span></font></st1:time><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'><br>
<b><span style=3D'font-weight:bold'>To:</span></b> 'Ryan Hurst'; =
IETF-PKIX<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> RE: Removing =
expired
certificates from CRLs.....</span></font><o:p></o:p></p>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3D"Courier New"><span
style=3D'font-size:10.0pt;font-family:"Courier =
New"'>Ryan,</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3D"Courier New"><span
style=3D'font-size:10.0pt;font-family:"Courier New"'>Ryan =
wrote::<o:p></o:p></span></font></p>
</div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Now logically it makes =
sense to
remove certificates that are expired from CRLs to control size, yes =
this has a
negative point specifically it prevents CRLs from being used as a
non-repudiation source; but this is mute due to many other =
issues.</span></font><o:p></o:p></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>At least regarding =
removing expired
certs from CRLs, I would think that non-repudiation can be satisfied by =
keeping
the old CRLs in back up storage for some length of time. That time =
being how
far back in time a contract dispute might go; ten years, twenty? =
So long
as you could get them off tape for the lawyers to look at the =
legal
process would be satisfied, they don't need to be online forever. =
<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> </span></font><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></=
p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Michael<o:p></o:p></span></=
font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> </span></font><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></=
p>
<blockquote style=3D'border:none;border-left:solid black =
1.5pt;padding:0in 0in 0in 4.0pt;
margin-left:3.75pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt=
'>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:
12.0pt;margin-left:.5in'><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma'>-----Original Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b> Ryan Hurst
[mailto:ryanh@valicert.com]<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Tuesday, September =
04, 2001
8:50 PM<br>
<b><span style=3D'font-weight:bold'>To:</span></b> IETF-PKIX<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> Removing =
expired
certificates from CRLs.....</span></font><o:p></o:p></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>I was speaking with =
</span></font><st1:PersonName><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>Peter
Williams</span></font></st1:PersonName><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'> today about the removal =
of expired
certificates from CRLs; I have always been under the belief that this =
behavior
was optional, I vaguely remembered reading text in 2459 along those =
lines;
additionally I know of several commercial CAs that do not remove the =
expired
certificates from their CRLs. Peter on the other hand was under the =
impression
that it was a mandate to remove CRLs; he too remembered reading text in =
2459 to
support is position.<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>So we each pulled out the =
RFC and
found that we were both right! Specifically both sections 3.3 and =
8.6.2.2 have
text on this subject:<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in;tab-stops:45.8pt 91.6pt =
137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt =
549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
mso-layout-grid-align:none'><b =
style=3D'mso-bidi-font-weight:normal'><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;font-weight:
bold;mso-bidi-font-weight:normal'>3.3<span =
style=3D'mso-spacerun:yes'>
</span>Revocation<o:p></o:p></span></font></b></p>
<p class=3DMsoNormal style=3D'margin-left:.5in;tab-stops:45.8pt 91.6pt =
137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt =
549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
mso-layout-grid-align:none'><font size=3D2 face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial'>When a certificate is issued, it is expected =
to be in
use for its entire validity period.<span =
style=3D'mso-spacerun:yes'>
</span>However, various circumstances may cause a certificate to become =
invalid
prior to the expiration of the validity =
period.<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in;tab-stops:45.8pt 91.6pt =
137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt =
549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
mso-layout-grid-align:none'><font size=3D2 face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal =
style=3D'margin-left:.5in;mso-layout-grid-align:none'><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>....<o:p></o:p></span></fon=
t></p>
<p class=3DMsoNormal =
style=3D'margin-left:.5in;mso-layout-grid-align:none'><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in;tab-stops:45.8pt 91.6pt =
137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt =
549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
mso-layout-grid-align:none'><font size=3D2 face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial'>An entry is added to the CRL as part of the =
next
update following notification of revocation. <b><i><span =
style=3D'font-weight:
bold;font-style:italic'>An entry may be removed from the CRL after =
appearing on
one regularly scheduled CRL issued beyond the revoked certificate's =
validity
period.</span></i></b><o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal =
style=3D'margin-left:.5in;mso-layout-grid-align:none'><b><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;font-weight:
bold'>8.6.2.2 Issuing distribution point =
extension<o:p></o:p></span></font></b></p>
<p class=3DMsoNormal =
style=3D'margin-left:.5in;mso-layout-grid-align:none'><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>This CRL
extension field identifies the CRL distribution point for this =
particular CRL,
and indicates if the CRL is limited to revocations for end-entity =
certificates
only, for authority certificates only, or for a limited set of reasons =
only.
The CRL is signed by the CRL issuer's key- CRL distribution points do =
not have
their own key pairs. However, for a CRL distributed via the Directory, =
the CRL
is stored in the entry of the CRL distribution point, which may not be =
the
directory entry of the CRL issuer.<i><span style=3D'font-style:italic'> =
<b><span
style=3D'font-weight:bold'>If this field is absent, the CRL shall =
contain entries
for all revoked unexpired certificates issued by the CRL =
issuer.</span></b><o:p></o:p></span></i></span></font></p>
<p class=3DMsoNormal =
style=3D'margin-left:.5in;mso-layout-grid-align:none'><i><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;font-style:
italic'><o:p> </o:p></span></font></i></p>
<p class=3DMsoNormal =
style=3D'margin-left:.5in;mso-layout-grid-align:none'><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>....<o:p></o:p></span></fon=
t></p>
<p class=3DMsoNormal =
style=3D'margin-left:.5in;mso-layout-grid-align:none'><font
size=3D2 color=3Dblue face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;
color:blue'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal =
style=3D'margin-left:.5in;mso-layout-grid-align:none'><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>The </span></font><b><font
size=3D1 face=3DArial><span =
style=3D'font-size:9.0pt;font-family:Arial;font-weight:
bold'>distributionPoint </span></font></b><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>component contains the =
name of the
distribution point in one or more name forms. If this field is absent, =
the CRL
shall contain entries for all revoked certificates issued by the CRL =
issuer. <b><i><span
style=3D'font-weight:bold;font-style:italic'>After a certificate =
appears on a CRL,
it is deleted from a subsequent CRL after the certificate's =
expiry.<o:p></o:p></span></i></b></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Although section 8.6.2.2 =
is
specifically in regards to CRLdps, any difference between full CRLs and =
CRLdps
in this case I feel would be an arbitrary one. =
<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Now logically it makes =
sense to
remove certificates that are expired from CRLs to control size, yes =
this has a
negative point specifically it prevents CRLs from being used as a
non-repudiation source; but this is mute due to many other =
issues.<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>That being the case I =
think; and I
believe Peter would agree the correct thing to do is to remove these
expired/revoked entries from the CRL. <o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>The question now is what =
is the PKIX
stance on this matter?<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Ryan M. =
Hurst<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>ValiCert, =
Inc.<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<blockquote style=3D'margin-top:5.0pt;margin-bottom:5.0pt'>
<p class=3DMsoNormal style=3D'margin-left:.5in'><i><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt;font-style:italic;
mso-no-proof:yes'>"It may roundly be asserted that human ingenuity =
cannot
concoct a cipher which human ingenuity cannot =
resolve."</span></font></i><span
style=3D'mso-no-proof:yes'><o:p></o:p></span></p>
</blockquote>
<blockquote style=3D'margin-top:5.0pt;margin-bottom:5.0pt'>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt;mso-no-proof:yes'>-Edgar Allan =
Poe</span><o:p></o:p></font></p>
</blockquote>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'><o:p> </o:p></span></font></p>
</blockquote>
</blockquote>
</div>
</body>
</html>
--Boundary_(ID_xLkhTDD4+HYrWByFtJbT+w)--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85J8VS03910 for ietf-pkix-bks; Wed, 5 Sep 2001 12:08:31 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85J8TD03905 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 12:08:29 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJ700601EJCXK@ext-mail.valicert.com> for ietf-pkix@imc.org; Wed, 5 Sep 2001 12:09:12 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJ7006C5EJCAP@ext-mail.valicert.com>; Wed, 05 Sep 2001 12:09:12 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <QP4KV02Z>; Wed, 05 Sep 2001 12:02:08 -0700
Content-return: allowed
Date: Wed, 05 Sep 2001 12:02:07 -0700
From: Ryan Hurst <ryanh@valicert.com>
Subject: RE: Removing expired certificates from CRLs.....
To: "'Flynn, Michael'" <MFlynn@verisign.com>, Ryan Hurst <ryanh@valicert.com>, IETF-PKIX <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE223@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: multipart/alternative; boundary="Boundary_(ID_5o83KWaDDNRlwIiBIh7UyQ)"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
--Boundary_(ID_5o83KWaDDNRlwIiBIh7UyQ)
Content-type: text/plain
Michael -
In regards to storing all generated CRLs for n period of time to
address the non-repudiation issues; yes this would deal with the problem.
However CRL validity windows commonly overlap; so determining how would some
one know (without CRLNumbers which most CAs do not include yet) if they had
them all? Additionally the process of looking at ALL CRLs and determining
which one is the "most recent" match would be an expensive one.
For these reasons it would be "nice" if CRLs were only used by servers and
contained all revoked certificates; but this means that clients would not
want to use CRLs due to the expense associated with acquiring the recent
CRL.
I believe the overall goal of CRLs was not to deal with NR, but to instead
have a simple mechanism to distribute bulk "current" revocation information
to the broadest set of clients. For this reason; I think its best to remove
the expired certificates and deal with NR through another mechanism,
probably service based.
After reading every ones posts on this topic, I guess I do not think we
should mandate the removal of the entries; we may wish recommend this be
done though. This of coarse is a mute point due to the last-call already
taking place ;)
Ryan
-----Original Message-----
From: Flynn, Michael [mailto:MFlynn@verisign.com]
Sent: Wednesday, September 05, 2001 10:03 AM
To: 'Ryan Hurst'; IETF-PKIX
Subject: RE: Removing expired certificates from CRLs.....
Ryan,
Ryan wrote::
Now logically it makes sense to remove certificates that are expired from
CRLs to control size, yes this has a negative point specifically it prevents
CRLs from being used as a non-repudiation source; but this is mute due to
many other issues.
At least regarding removing expired certs from CRLs, I would think that
non-repudiation can be satisfied by keeping the old CRLs in back up storage
for some length of time. That time being how far back in time a contract
dispute might go; ten years, twenty? So long as you could get them off
tape for the lawyers to look at the legal process would be satisfied, they
don't need to be online forever.
Michael
-----Original Message-----
From: Ryan Hurst [mailto:ryanh@valicert.com]
Sent: Tuesday, September 04, 2001 8:50 PM
To: IETF-PKIX
Subject: Removing expired certificates from CRLs.....
I was speaking with Peter Williams today about the removal of expired
certificates from CRLs; I have always been under the belief that this
behavior was optional, I vaguely remembered reading text in 2459 along those
lines; additionally I know of several commercial CAs that do not remove the
expired certificates from their CRLs. Peter on the other hand was under the
impression that it was a mandate to remove CRLs; he too remembered reading
text in 2459 to support is position.
So we each pulled out the RFC and found that we were both right!
Specifically both sections 3.3 and 8.6.2.2 have text on this subject:
3.3 Revocation
When a certificate is issued, it is expected to be in use for its entire
validity period. However, various circumstances may cause a certificate to
become invalid prior to the expiration of the validity period.
....
An entry is added to the CRL as part of the next update following
notification of revocation. An entry may be removed from the CRL after
appearing on one regularly scheduled CRL issued beyond the revoked
certificate's validity period.
8.6.2.2 Issuing distribution point extension
This CRL extension field identifies the CRL distribution point for this
particular CRL, and indicates if the CRL is limited to revocations for
end-entity certificates only, for authority certificates only, or for a
limited set of reasons only. The CRL is signed by the CRL issuer's key- CRL
distribution points do not have their own key pairs. However, for a CRL
distributed via the Directory, the CRL is stored in the entry of the CRL
distribution point, which may not be the directory entry of the CRL issuer.
If this field is absent, the CRL shall contain entries for all revoked
unexpired certificates issued by the CRL issuer.
....
The distributionPoint component contains the name of the distribution point
in one or more name forms. If this field is absent, the CRL shall contain
entries for all revoked certificates issued by the CRL issuer. After a
certificate appears on a CRL, it is deleted from a subsequent CRL after the
certificate's expiry.
Although section 8.6.2.2 is specifically in regards to CRLdps, any
difference between full CRLs and CRLdps in this case I feel would be an
arbitrary one.
Now logically it makes sense to remove certificates that are expired from
CRLs to control size, yes this has a negative point specifically it prevents
CRLs from being used as a non-repudiation source; but this is mute due to
many other issues.
That being the case I think; and I believe Peter would agree the correct
thing to do is to remove these expired/revoked entries from the CRL.
The question now is what is the PKIX stance on this matter?
Ryan M. Hurst
ValiCert, Inc.
"It may roundly be asserted that human ingenuity cannot concoct a cipher
which human ingenuity cannot resolve."
-Edgar Allan Poe
--Boundary_(ID_5o83KWaDDNRlwIiBIh7UyQ)
Content-type: text/html
Content-transfer-encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<meta name=3DProgId content=3DWord.Document>
<meta name=3DGenerator content=3D"Microsoft Word 10">
<meta name=3DOriginator content=3D"Microsoft Word 10">
<link rel=3DFile-List href=3D"cid:filelist.xml@01C13603.66FB6DC0">
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"PersonName"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"time"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"date"/>
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:GrammarState>Clean</w:GrammarState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:UseFELayout/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;
mso-font-alt:\5B8B\4F53;
mso-font-charset:134;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 135135232 16 0 262145 0;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:553679495 -2147483648 8 0 66047 0;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;
mso-font-charset:134;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 135135232 16 0 262145 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:SimSun;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;
text-underline:single;}
span.EmailStyle17
{mso-style-type:personal;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:navy;}
span.SpellE
{mso-style-name:"";
mso-spl-e:yes;}
span.GramE
{mso-style-name:"";
mso-gram-e:yes;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
/* Style Definitions */=20
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]-->
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple =
style=3D'tab-interval:.5in'>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Michael =
-<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><span =
style=3D'mso-tab-count:1'> &nbs=
p; </span>In
regards to storing all generated CRLs for <i =
style=3D'mso-bidi-font-style:normal'><span
style=3D'font-style:italic;mso-bidi-font-style:normal'>n =
</span></i>period of
time to address the non-repudiation issues; yes this would deal with =
the
problem. However CRL validity windows commonly overlap; so determining =
how
would some one know (without CRLNumbers which most CAs do not include =
yet) if
they had them all? Additionally the process of looking at ALL CRLs and
determining which one is the "most recent" match would be an
expensive one.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>For these reasons it would be =
"nice"
if CRLs were only used by servers and contained all revoked =
certificates; but
this means that clients would not want to use CRLs due to the expense
associated with acquiring the recent CRL.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>I believe the overall goal of CRLs =
was not
to deal with NR, but to instead have a simple mechanism to distribute =
bulk "current"
revocation information to the broadest set of clients. For this reason; =
I think
its best to remove the expired certificates and deal with NR through =
another mechanism,
probably service based.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>After reading every ones posts on =
this
topic, I guess I do not think we should mandate the removal of the =
entries; we
may wish recommend this be done though. This of coarse is a mute point =
due to
the last-call already taking place ;)<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Ryan<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>=
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original =
Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b> Flynn, Michael
[mailto:MFlynn@verisign.com] <br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> =
</span></font><st1:date
Month=3D"9" Day=3D"5" Year=3D"2001"><font size=3D2 face=3DTahoma><span =
style=3D'font-size:
10.0pt;font-family:Tahoma'>Wednesday, September 05, =
2001</span></font></st1:date><font
size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;font-family:Tahoma'> </span></font><st1:time
Hour=3D"10" Minute=3D"3"><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma'>10:03 AM</span></font></st1:time><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'><br>
<b><span style=3D'font-weight:bold'>To:</span></b> 'Ryan Hurst'; =
IETF-PKIX<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> RE: Removing =
expired
certificates from CRLs.....</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'><o:p> </o:p></span></font></p>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3D"Courier New"><span
style=3D'font-size:10.0pt;font-family:"Courier =
New"'>Ryan,</span></font><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3D"Courier New"><span
style=3D'font-size:10.0pt;font-family:"Courier New"'>Ryan =
wrote::<o:p></o:p></span></font></p>
</div>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Now logically it makes =
sense to
remove certificates that are expired from CRLs to control size, yes =
this has a
negative point specifically it prevents CRLs from being used as a
non-repudiation source; but this is mute due to many other =
issues.</span></font><o:p></o:p></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> <o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>At least regarding =
removing expired
certs from CRLs, I would think that non-repudiation can be satisfied by =
keeping
the old CRLs in back up storage for some length of time. That time =
being how
far back in time a contract dispute might go; ten years, twenty? =
So long
as you could get them off tape for the lawyers to look at the =
legal
process would be satisfied, they don't need to be online forever. =
<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> </span></font><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></=
p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Michael<o:p></o:p></span></=
font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'> </span></font><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></=
p>
<blockquote style=3D'border:none;border-left:solid black =
1.5pt;padding:0in 0in 0in 4.0pt;
margin-left:3.75pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt=
'>
<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:
12.0pt;margin-left:.5in'><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma'>-----Original Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b> Ryan Hurst
[mailto:ryanh@valicert.com]<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Tuesday, September =
04, 2001
8:50 PM<br>
<b><span style=3D'font-weight:bold'>To:</span></b> IETF-PKIX<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> Removing =
expired
certificates from CRLs.....</span></font><o:p></o:p></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>I was speaking with =
</span></font><st1:PersonName><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>Peter
Williams</span></font></st1:PersonName><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'> today about the removal =
of expired
certificates from CRLs; I have always been under the belief that this =
behavior
was optional, I vaguely remembered reading text in 2459 along those line=
s;
additionally I know of several commercial CAs that do not remove the =
expired
certificates from their CRLs. Peter on the other hand was under the =
impression
that it was a mandate to remove CRLs; he too remembered reading text in =
2459 to
support is position.<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>So we each pulled out the =
RFC and
found that we were both right! Specifically both sections 3.3 and =
8.6.2.2 have
text on this subject:<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in;tab-stops:45.8pt 91.6pt =
137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt =
549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
mso-layout-grid-align:none'><b =
style=3D'mso-bidi-font-weight:normal'><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;font-weight:
bold;mso-bidi-font-weight:normal'>3.3<span =
style=3D'mso-spacerun:yes'>
</span>Revocation<o:p></o:p></span></font></b></p>
<p class=3DMsoNormal style=3D'margin-left:.5in;tab-stops:45.8pt 91.6pt =
137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt =
549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
mso-layout-grid-align:none'><font size=3D2 face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial'>When a certificate is issued, it is expected =
to be in
use for its entire validity period.<span =
style=3D'mso-spacerun:yes'>
</span>However, various circumstances may cause a certificate to become =
invalid
prior to the expiration of the validity =
period.<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in;tab-stops:45.8pt 91.6pt =
137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt =
549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
mso-layout-grid-align:none'><font size=3D2 face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal =
style=3D'margin-left:.5in;mso-layout-grid-align:none'><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>....<o:p></o:p></span></fon=
t></p>
<p class=3DMsoNormal =
style=3D'margin-left:.5in;mso-layout-grid-align:none'><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in;tab-stops:45.8pt 91.6pt =
137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt =
549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
mso-layout-grid-align:none'><font size=3D2 face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial'>An entry is added to the CRL as part of the =
next
update following notification of revocation. <b><i><span =
style=3D'font-weight:
bold;font-style:italic'>An entry may be removed from the CRL after =
appearing on
one regularly scheduled CRL issued beyond the revoked certificate's =
validity
period.</span></i></b><o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal =
style=3D'margin-left:.5in;mso-layout-grid-align:none'><b><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;font-weight:
bold'>8.6.2.2 Issuing distribution point =
extension<o:p></o:p></span></font></b></p>
<p class=3DMsoNormal =
style=3D'margin-left:.5in;mso-layout-grid-align:none'><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>This CRL
extension field identifies the CRL distribution point for this =
particular CRL,
and indicates if the CRL is limited to revocations for end-entity =
certificates
only, for authority certificates only, or for a limited set of reasons =
only.
The CRL is signed by the CRL issuer's key- CRL distribution points do =
not have
their own key pairs. However, for a CRL distributed via the Directory, =
the CRL
is stored in the entry of the CRL distribution point, which may not be =
the
directory entry of the CRL issuer.<i><span style=3D'font-style:italic'> =
<b><span
style=3D'font-weight:bold'>If this field is absent, the CRL shall =
contain entries
for all revoked unexpired certificates issued by the CRL =
issuer.</span></b><o:p></o:p></span></i></span></font></p>
<p class=3DMsoNormal =
style=3D'margin-left:.5in;mso-layout-grid-align:none'><i><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;font-style:
italic'><o:p> </o:p></span></font></i></p>
<p class=3DMsoNormal =
style=3D'margin-left:.5in;mso-layout-grid-align:none'><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>....<o:p></o:p></span></fon=
t></p>
<p class=3DMsoNormal =
style=3D'margin-left:.5in;mso-layout-grid-align:none'><font
size=3D2 color=3Dblue face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;
color:blue'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal =
style=3D'margin-left:.5in;mso-layout-grid-align:none'><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>The </span></font><b><font
size=3D1 face=3DArial><span =
style=3D'font-size:9.0pt;font-family:Arial;font-weight:
bold'>distributionPoint </span></font></b><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>component contains the =
name of the
distribution point in one or more name forms. If this field is absent, =
the CRL
shall contain entries for all revoked certificates issued by the CRL =
issuer. <b><i><span
style=3D'font-weight:bold;font-style:italic'>After a certificate =
appears on a
CRL, it is deleted from a subsequent CRL after the certificate's =
expiry.<o:p></o:p></span></i></b></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Although section 8.6.2.2 =
is
specifically in regards to CRLdps, any difference between full CRLs and =
CRLdps
in this case I feel would be an arbitrary one. =
<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Now logically it makes =
sense to
remove certificates that are expired from CRLs to control size, yes =
this has a
negative point specifically it prevents CRLs from being used as a
non-repudiation source; but this is mute due to many other =
issues.<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>That being the case I =
think; and I
believe Peter would agree the correct thing to do is to remove these
expired/revoked entries from the CRL. <o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 face=3DAr=
ial><span
style=3D'font-size:10.0pt;font-family:Arial'>The question now is what =
is the PKIX
stance on this matter?<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Ryan M. =
Hurst<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>ValiCert, =
Inc.<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<blockquote style=3D'margin-top:5.0pt;margin-bottom:5.0pt'>
<p class=3DMsoNormal style=3D'margin-left:.5in'><i><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt;font-style:italic;
mso-no-proof:yes'>"It may roundly be asserted that human ingenuity =
cannot
concoct a cipher which human ingenuity cannot =
resolve."</span></font></i><span
style=3D'mso-no-proof:yes'><o:p></o:p></span></p>
</blockquote>
<blockquote style=3D'margin-top:5.0pt;margin-bottom:5.0pt'>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt;mso-no-proof:yes'>-Edgar Allan =
Poe</span><o:p></o:p></font></p>
</blockquote>
<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'><o:p> </o:p></span></font></p>
</blockquote>
</div>
</body>
</html>
--Boundary_(ID_5o83KWaDDNRlwIiBIh7UyQ)--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85IxW603629 for ietf-pkix-bks; Wed, 5 Sep 2001 11:59:32 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85IxVD03625 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 11:59:31 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJ700601E4EVN@ext-mail.valicert.com> for ietf-pkix@imc.org; Wed, 5 Sep 2001 12:00:14 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJ7006A7E4DAP@ext-mail.valicert.com>; Wed, 05 Sep 2001 12:00:13 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <QP4KV0HC>; Wed, 05 Sep 2001 11:53:10 -0700
Content-return: allowed
Date: Wed, 05 Sep 2001 11:53:08 -0700
From: Ryan Hurst <ryanh@valicert.com>
Subject: RE: Removing expired certificates from CRLs.....
To: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, Nada Kapidzic Cicovic <nada@entegrity.com>
Cc: Ryan Hurst <ryanh@valicert.com>, IETF-PKIX <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE222@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Apologies --
Looks like I jumped to an assumption in regards to the origin of the
8.6.2.2 text I quoted, apparently it did not come from 2459; instead it came
from x509 v4. That being the case I guess that 2549 is not inconsistent as I
originally stated.
That being said shouldn't these two sources be consistent?
Ryan
-----Original Message-----
From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
Sent: Wednesday, September 05, 2001 6:22 AM
To: Nada Kapidzic Cicovic
Cc: Ryan Hurst; IETF-PKIX
Subject: Re: Removing expired certificates from CRLs.....
Nada,
Which text are using using ? In son-of-RC2459 there is no section 8.6.2.2.
as you indicate.
Please be more specific on the exact sentence that you think is not
appropriate in son-of-RC2459 and which exact change you would like to be
done.
Denis
> >Nada and Ryan,
> >
> > > Ryan,
> > >
> > > Some years ago we at Entegrity also had similar discussion. We were
> > > positive CRLs were not to contain the information about the expired
> > > certificates, until we came across some industry CA CRLs containing
> > > information about all revoked certificates. We then looked into 2459
> > > (draft in those days) and X.509 text and came to the conclusion that
> > > deleting info about expired certificates from a CRL is only an option.
> > >
> > > I am not sure what was the intention of the original authors of X.509
> > > (perhaps Sharon and Hoyt know more about it), but the current industry
> > > practice seems to be a mixture of both approaches.
> >
> >At the very beginning, when ISO started the work, non-repudiation was not
> >considered, but only authentication and data origin authentication.
> >
> > > My personal opinion is that keeping all revoked certificates info in
CRLs
> > > brings more problems than benefits. However, it is questionable
whether
> > > PKIX needs to take a vote for one approach or the other.
> > >
> > > In any case I would suggest that the text of 2459 be modified so that
it
> > > has a MAY (or a MUST) consistently in all places where deleting
expired
> > > certificates revocation info from CRLs is mentioned. The current text
only
> > > brings confusion, as you have already pointed out.
> >
> >In all the sentences that have been extracted below, I could not find a
> >place where a change would be necessary. So I believe that the current
text
> >is OK : it tells how long revoked certificates MUST be kept in a CRL but
> >does not forbid to maintain them longer. I agree that maintaining them
too
>
> The text in 8.6.2.2 does not mention the possibility of leaving the
expired
> certificates identifiers in CRL. The last extracted sentence is very
> explicit in requiring removal of revocation info for expired certificates.
>
> >long would be a problem because of the increasing size of the CRL, hence
why
> >CRL information should be captured when still available, in case a
> >non-repudiation service is supported.
>
> I could not agree more. Perhaps DPV/DPD work could include such
guidelines.
>
> >We could add is a recommendation like: "Certificates identifiers
> >for certificates that contain the NR bit in the KeyUsage extension field
> >SHOULD be maintained in a CRL a few days or weeks after they have
expired."
> >
> >However, it seems rather late to add such a sentence, since we passed
IETF
> >last call. I leave the issue to the editors ...
>
> You are right. Since the document has already progressed this far, it may
> not be worth making additional modifications.
>
> Nada
>
> >Denis
> >
> >
> > > Nada
> > >
> > > At 08:49 PM 9/4/01 -0700, Ryan Hurst wrote:
> > >
> > > > I was speaking with Peter Williams today about the removal of
expired
> > > > certificates from CRLs; I have always been under the belief that
this
> > > > behavior was optional, I vaguely remembered reading text in 2459
along
> > > > those lines; additionally I know of several commercial CAs that do
not
> > > > remove the expired certificates from their CRLs. Peter on the other
hand
> > > > was under the impression that it was a mandate to remove CRLs; he
too
> > > > remembered reading text in 2459 to support is position.
> > > >
> > > >
> > > >
> > > > So we each pulled out the RFC and found that we were both right!
> > > > Specifically both sections 3.3 and 8.6.2.2 have text on this
subject:
> > > >
> > > >
> > > >
> > > > 3.3 Revocation
> > > >
> > > > When a certificate is issued, it is expected to be in use for its
entire
> > > > validity period. However, various circumstances may cause a
certificate
> > > > to become invalid prior to the expiration of the validity period.
> > > >
> > > >
> > > >
> > > > ....
> > > >
> > > >
> > > >
> > > > An entry is added to the CRL as part of the next update following
> > > > notification of revocation. An entry may be removed from the CRL
after
> > > > appearing on one regularly scheduled CRL issued beyond the revoked
> > > > certificate's validity period.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > 8.6.2.2 Issuing distribution point extension
> > > >
> > > > This CRL extension field identifies the CRL distribution point for
this
> > > > particular CRL, and indicates if the CRL is limited to revocations
for
> > > > end-entity certificates only, for authority certificates only, or
for a
> > > > limited set of reasons only. The CRL is signed by the CRL issuer's
key-
> > > > CRL distribution points do not have their own key pairs. However,
for a
> > > > CRL distributed via the Directory, the CRL is stored in the entry of
the
> > > > CRL distribution point, which may not be the directory entry of the
CRL
> > > > issuer. If this field is absent, the CRL shall contain entries for
all
> > > > revoked unexpired certificates issued by the CRL issuer.
> > > >
> > > >
> > > >
> > > > ....
> > > >
> > > >
> > > >
> > > > The distributionPoint component contains the name of the
distribution
> > > > point in one or more name forms. If this field is absent, the CRL
shall
> > > > contain entries for all revoked certificates issued by the CRL
issuer.
> > > > After a certificate appears on a CRL, it is deleted from a
subsequent
> > > > CRL after the certificate's expiry.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Although section 8.6.2.2 is specifically in regards to CRLdps, any
> > > > difference between full CRLs and CRLdps in this case I feel would be
an
> > > > arbitrary one.
> > > >
> > > >
> > > >
> > > > Now logically it makes sense to remove certificates that are expired
> > > > from CRLs to control size, yes this has a negative point
specifically it
> > > > prevents CRLs from being used as a non-repudiation source; but this
is
> > > > mute due to many other issues.
> > > >
> > > >
> > > >
> > > > That being the case I think; and I believe Peter would agree the
correct
> > > > thing to do is to remove these expired/revoked entries from the CRL.
> > > >
> > > >
> > > >
> > > > The question now is what is the PKIX stance on this matter?
> > > >
> > > >
> > > >
> > > > Ryan M. Hurst
> > > >
> > > > ValiCert, Inc.
> > > >
> > > >
> > > >
> > > > "It may roundly be asserted that human ingenuity cannot concoct
a
> > > > cipher which human ingenuity cannot resolve."
> > > > -Edgar Allan Poe
> > > >
> > > >
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85IxH503620 for ietf-pkix-bks; Wed, 5 Sep 2001 11:59:17 -0700 (PDT)
Received: from eagle.verisign.com (eagle.verisign.com [208.206.241.105]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85IxGD03616 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 11:59:16 -0700 (PDT)
Received: from postal-gw2.verisign.com (verisign.com [63.104.27.102]) by eagle.verisign.com (8.9.3/BCH1.7.1) with ESMTP id MAA23475; Wed, 5 Sep 2001 12:02:23 -0700 (PDT)
Received: by postal-gw.verisign.com with Internet Mail Service (5.5.2653.19) id <R5Q7WT85>; Wed, 5 Sep 2001 11:59:08 -0700
Message-ID: <2F3EC696EAEED311BB2D009027C3F4F40586974D@vhqpostal.verisign.com>
From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
To: "'Steve Hanna'" <steve.hanna@sun.com>, Bob Jueneman <bjueneman@novell.com>
Cc: "Hallam-Baker, Phillip" <pbaker@verisign.com>, ietf-pkix@imc.org
Subject: RE: charter revisions
Date: Wed, 5 Sep 2001 11:59:04 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C1363C.D5133CF0"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_000_01C1363C.D5133CF0
Content-Type: text/plain;
charset="iso-8859-1"
> Bob Jueneman wrote:
> > I wasn't suggesting that logos should be restricted to end-entities,
> > I was only pointing out that such a restriction would immediately
> > make the issue of name subordination and misuse of the logo by some
> > intermediate CA go away.
>
> This isn't true. Name constraints allow me to cross certify
> IBM's CA but
> indicate that the only DNs it is trusted to certify are those
> that begin
> with "c=us, o=IBM". Even if logos are restricted to end-entities,
> there's nothing stopping IBM's CA from placing a Sun logo in an
> end-entity certificate. So restricting logos to end-entities doesn't
> "make the issue of name subordination and misuse of the logo by some
> intermediate CA go away."
I don't see this as a problem for several reasons:
1) Logotypes have utility even if they cannot be used with
cross-certification.
2) The security of the infrastructure depends on the DNS system and
not the X.500 name system. The fact that the name is constrained as
you state does not in practice affect Internet applications. It might
affect OSI applications if any existed.
3) The objection is simply a restatement of the proposition that
'bad things happen if you cross certify with someone who
is not trustworthy'. This is not news.
> Apparently, you haven't read the draft that serves as the
> basis for this
> discussion, draft-ietf-pkix-logotypes-00.txt. The suggested
> format is a
> message digest and a URL.
The basis for this discussion is the proposed charter ammendments.
Phill
------_=_NextPart_000_01C1363C.D5133CF0
Content-Type: application/octet-stream;
name="Phillip Hallam-Baker (E-mail).vcf"
Content-Disposition: attachment;
filename="Phillip Hallam-Baker (E-mail).vcf"
BEGIN:VCARD
VERSION:2.1
N:Hallam-Baker;Phillip
FN:Phillip Hallam-Baker (E-mail)
ORG:VeriSign
TITLE:Principal Consultant
TEL;WORK;VOICE:(781) 245-6996 x227
EMAIL;PREF;INTERNET:hallam@verisign.com
REV:20010214T163732Z
END:VCARD
------_=_NextPart_000_01C1363C.D5133CF0--
Received: by above.proper.com (8.11.6/8.11.3) id f85ICPV02709 for ietf-pkix-bks; Wed, 5 Sep 2001 11:12:25 -0700 (PDT)
Received: from patan.sun.com (patan.Sun.COM [192.18.98.43]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85ICND02705 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 11:12:23 -0700 (PDT)
Received: from sunlabs.East.Sun.COM ([129.148.75.250]) by patan.sun.com (8.9.3+Sun/8.9.3) with ESMTP id MAA22557; Wed, 5 Sep 2001 12:12:21 -0600 (MDT)
Received: from sun.com (dhcp75-167 [129.148.75.167]) by sunlabs.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id OAA05595; Wed, 5 Sep 2001 14:12:23 -0400 (EDT)
Message-ID: <3B966AF2.9B74708B@sun.com>
Date: Wed, 05 Sep 2001 14:12:02 -0400
From: Steve Hanna <steve.hanna@sun.com>
Organization: Sun Microsystems, Inc.
X-Mailer: Mozilla 4.75 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Bob Jueneman <bjueneman@novell.com>
CC: pbaker@verisign.com, ietf-pkix@imc.org
Subject: Re: charter revisions
References: <sb9602a4.074@prv-mail20.provo.novell.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Bob Jueneman wrote:
> I wasn't suggesting that logos should be restricted to end-entities,
> I was only pointing out that such a restriction would immediately
> make the issue of name subordination and misuse of the logo by some
> intermediate CA go away.
This isn't true. Name constraints allow me to cross certify IBM's CA but
indicate that the only DNs it is trusted to certify are those that begin
with "c=us, o=IBM". Even if logos are restricted to end-entities,
there's nothing stopping IBM's CA from placing a Sun logo in an
end-entity certificate. So restricting logos to end-entities doesn't
"make the issue of name subordination and misuse of the logo by some
intermediate CA go away."
> (BTW, someone informed me that null crypto, e.g., plaintext, is a
> valid option in SSL, and worse yet, that if that option were
> selected because it was all that was available, the padlock icon
> would still appear and the https requirement for SSL security would
> be satisfied. Can anyone confirm that?)
I don't know about Internet Explorer, but Netscape Communicator 4.75 has
a checkbox under Security Preferences (accessed by clicking the
Navigator tab on the left and the Configure SSLv3 button) that allows
the user to enable "No encryption with an MD5 MAC". This checkbox is NOT
checked by default. I expect that this means that support for
Communicator will REJECT SSL connections with authentication but no
encryption, unless the user explicitly configures it otherwise. This
seems like reasonable behavior.
Phillip Hallam-Baker wrote:
> Another issue is size. I don't much want to see the size of
> certificates increase yet further. Perhaps a hash of the image
> and a URL would be preferable. Perhaps something a bit more.
Bob Jueneman wrote:
> I also like your suggestion of a URL and a message digest, rather
> than attempting to transport the entire logo itself within the
> certificate.
Apparently, you haven't read the draft that serves as the basis for this
discussion, draft-ietf-pkix-logotypes-00.txt. The suggested format is a
message digest and a URL.
-Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85HwQw02419 for ietf-pkix-bks; Wed, 5 Sep 2001 10:58:26 -0700 (PDT)
Received: from smtpproxy1.mitre.org (smtpproxy1.mitre.org [129.83.20.90]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85HwND02415 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 10:58:23 -0700 (PDT)
Received: from avsrv1.mitre.org (avsrv1.mitre.org [129.83.20.58]) by smtpproxy1.mitre.org (8.11.3/8.11.3) with ESMTP id f85HvZc25138; Wed, 5 Sep 2001 13:57:36 -0400 (EDT)
Received: from MAILHUB1 (mailhub1.mitre.org [129.83.20.31]) by smtpsrv1.mitre.org (8.11.3/8.11.3) with ESMTP id f85HvYf15902; Wed, 5 Sep 2001 13:57:35 -0400 (EDT)
Received: from schaen-pc.mitre.org (128.29.162.49) by mailhub1.mitre.org with SMTP id 7524958; Wed, 05 Sep 2001 13:57:18 -0400
Message-ID: <3B966809.B20D530F@mitre.org>
Date: Wed, 05 Sep 2001 13:59:37 -0400
From: Sam Schaen <schaen@mitre.org>
Organization: The MITRE Corporation
X-Mailer: Mozilla 4.76 [en]C-20010313M (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "Flynn, Michael" <MFlynn@verisign.com>
CC: "'Ryan Hurst'" <ryanh@valicert.com>, IETF-PKIX <ietf-pkix@imc.org>
Subject: Re: Removing expired certificates from CRLs.....
References: <C713C1768C55D3119D200090277AEECA023447AB@postal.verisign.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
For what it's worth, the US DOD PKI is relying on the archival strategy
described below. We're currently looking at 10.5 years for our Class 3
and 20.5 years for our class 4. I have no idea why someone considered
the extra half year important but that's what's in our CP. Certificates
will be removed from the CRL after they expire.
Sam Schaen
MITRE Corporation
"Flynn, Michael" wrote:
> Ryan,Ryan wrote::
> Now logically it makes sense to remove certificates that are expired
> from CRLs to control size, yes this has a negative point specifically
> it prevents CRLs from being used as a non-repudiation source; but this
> is mute due to many other issues.
>
> At least regarding removing expired certs from CRLs, I would think
> that non-repudiation can be satisfied by keeping the old CRLs in back
> up storage for some length of time. That time being how far back in
> time a contract dispute might go; ten years, twenty? So long as you
> could get them off tape for the lawyers to look at the legal process
> would be satisfied, they don't need to be online forever.
>
> Michael
>
>
> -----Original Message-----
> From: Ryan Hurst [mailto:ryanh@valicert.com]
> Sent: Tuesday, September 04, 2001 8:50 PM
> To: IETF-PKIX
> Subject: Removing expired certificates from CRLs.....
>
> I was speaking with Peter Williams today about the removal
> of expired certificates from CRLs; I have always been under
> the belief that this behavior was optional, I vaguely
> remembered reading text in 2459 along those lines;
> additionally I know of several commercial CAs that do not
> remove the expired certificates from their CRLs. Peter on
> the other hand was under the impression that it was a
> mandate to remove CRLs; he too remembered reading text in
> 2459 to support is position.
>
> So we each pulled out the RFC and found that we were both
> right! Specifically both sections 3.3 and 8.6.2.2 have text
> on this subject:
>
> 3.3Revocation
>
> When a certificate is issued, it is expected to be in use
> for its entire validity period.However, various
> circumstances may cause a certificate to become invalid
> prior to the expiration of the validity period.
>
> ....
>
> An entry is added to the CRL as part of the next update
> following notification of revocation. An entry may be
> removed from the CRL after appearing on one regularly
> scheduled CRL issued beyond the revoked certificate's
> validity period.
>
> 8.6.2.2 Issuing distribution point extension
>
> This CRL extension field identifies the CRL distribution
> point for this particular CRL, and indicates if the CRL is
> limited to revocations for end-entity certificates only, for
> authority certificates only, or for a limited set of reasons
> only. The CRL is signed by the CRL issuer's key- CRL
> distribution points do not have their own key pairs.
> However, for a CRL distributed via the Directory, the CRL is
> stored in the entry of the CRL distribution point, which may
> not be the directory entry of the CRL issuer.If this field
> is absent, the CRL shall contain entries for all
> revoked unexpired certificates issued by the CRL issuer.
>
> ....
>
> The distributionPointcomponent contains the name of the
> distribution point in one or more name forms. If this field
> is absent, the CRL shall contain entries for all revoked
> certificates issued by the CRL issuer. After a certificate
> appears on a CRL, it is deleted from a subsequent CRL after
> the certificate's expiry.
>
> Although section 8.6.2.2 is specifically in regards
> to CRLdps, any difference between full CRLs and CRLdps in
> this case I feel would be an arbitrary one.
>
> Now logically it makes sense to remove certificates that are
> expired from CRLs to control size, yes this has a negative
> point specifically it prevents CRLs from being used as a
> non-repudiation source; but this is mute due to many other
> issues.
>
> That being the case I think; and I believe Peter would agree
> the correct thing to do is to remove these expired/revoked
> entries from the CRL.
>
> The question now is what is the PKIX stance on this matter?
>
> Ryan M. Hurst
>
> ValiCert, Inc.
>
> "It may roundly be asserted that human ingenuity
> cannot concoct a cipher which human ingenuity
> cannot resolve."
>
> -Edgar Allan Poe
>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85HaHx01829 for ietf-pkix-bks; Wed, 5 Sep 2001 10:36:17 -0700 (PDT)
Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85HaED01821 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 10:36:14 -0700 (PDT)
Received: from INET-PRV-MTA by prv-mail20.provo.novell.com with Novell_GroupWise; Wed, 05 Sep 2001 11:36:12 -0600
Message-Id: <sb960e2c.022@prv-mail20.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 6.0
Date: Wed, 05 Sep 2001 11:38:28 -0600
From: "Bob Jueneman" <bjueneman@novell.com>
To: <ietf-pkix@imc.org>, <ryanh@valicert.com>, <MFlynn@verisign.com>
Subject: RE: Removing expired certificates from CRLs.....
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=_3B619B9C.472643A6"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This is a MIME message. If you are reading this text, you may want to
consider changing to a mail reader or gateway that understands how to
properly handle MIME multipart messages.
--=_3B619B9C.472643A6
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Ryan,
If you (the relying party) trust that the CA will be around for that long, =
and that the CRL records will be available if and when you need them, even =
if for a reasonable fee, then you can trust either the CA or some kind of =
a trusted repository to provide this function. Or if you are a true =
paranoid, you can archive them yourself, along with the document in =
question, together with all of the necessary timestamps and other =
corroborating evidence.
In either case, the primary reason for having a certificate validity =
period in the first place was to avoid an ever-increasing CRL list. The =
other factors, including a sunset-clause type of renewal requirement in =
lieu of active status monitoring by the CA, and the concomitant opportunity=
for an ongoing yearly revenue stream, were nice to have also.
So there is no reason why expired CRLs can't be removed one publication =
cycle after the certificate has expired, and they should. But they can't =
be removed immediately, because they might have been revoked one microsecon=
d prior to expiration, and before the next scheduled CRL has been =
published.
Bob
Robert R. Jueneman
Security Architect
Novell, Inc -- the leading provider of Net services software
>>> "Flynn, Michael" <MFlynn@verisign.com> 09/05/01 11:02AM >>>
Ryan,
=20
Ryan wrote::
Now logically it makes sense to remove certificates that are expired from
CRLs to control size, yes this has a negative point specifically it =
prevents
CRLs from being used as a non-repudiation source; but this is mute due to
many other issues.
=20
At least regarding removing expired certs from CRLs, I would think that
non-repudiation can be satisfied by keeping the old CRLs in back up =
storage
for some length of time. That time being how far back in time a contract
dispute might go; ten years, twenty? So long as you could get them off
tape for the lawyers to look at the legal process would be satisfied, they
don't need to be online forever. =20
=20
Michael
=20
-----Original Message-----
From: Ryan Hurst [mailto:ryanh@valicert.com]=20
Sent: Tuesday, September 04, 2001 8:50 PM
To: IETF-PKIX
Subject: Removing expired certificates from CRLs.....
I was speaking with Peter Williams today about the removal of expired
certificates from CRLs; I have always been under the belief that this
behavior was optional, I vaguely remembered reading text in 2459 along =
those
lines; additionally I know of several commercial CAs that do not remove =
the
expired certificates from their CRLs. Peter on the other hand was under =
the
impression that it was a mandate to remove CRLs; he too remembered reading
text in 2459 to support is position.
=20
So we each pulled out the RFC and found that we were both right!
Specifically both sections 3.3 and 8.6.2.2 have text on this subject:
=20
3.3 Revocation
When a certificate is issued, it is expected to be in use for its entire
validity period. However, various circumstances may cause a certificate =
to
become invalid prior to the expiration of the validity period.
=20
...
=20
An entry is added to the CRL as part of the next update following
notification of revocation. An entry may be removed from the CRL after
appearing on one regularly scheduled CRL issued beyond the revoked
certificate's validity period.
=20
=20
=20
8.6.2.2 Issuing distribution point extension
This CRL extension field identifies the CRL distribution point for this
particular CRL, and indicates if the CRL is limited to revocations for
end-entity certificates only, for authority certificates only, or for a
limited set of reasons only. The CRL is signed by the CRL issuer's key- =
CRL
distribution points do not have their own key pairs. However, for a CRL
distributed via the Directory, the CRL is stored in the entry of the CRL
distribution point, which may not be the directory entry of the CRL =
issuer.
If this field is absent, the CRL shall contain entries for all revoked
unexpired certificates issued by the CRL issuer.
=20
...
=20
The distributionPoint component contains the name of the distribution =
point
in one or more name forms. If this field is absent, the CRL shall contain
entries for all revoked certificates issued by the CRL issuer. After a
certificate appears on a CRL, it is deleted from a subsequent CRL after =
the
certificate's expiry.
=20
=20
Although section 8.6.2.2 is specifically in regards to CRLdps, any
difference between full CRLs and CRLdps in this case I feel would be an
arbitrary one.=20
=20
Now logically it makes sense to remove certificates that are expired from
CRLs to control size, yes this has a negative point specifically it =
prevents
CRLs from being used as a non-repudiation source; but this is mute due to
many other issues.
=20
That being the case I think; and I believe Peter would agree the correct
thing to do is to remove these expired/revoked entries from the CRL.=20
=20
The question now is what is the PKIX stance on this matter?
=20
Ryan M. Hurst
ValiCert, Inc.
=20
"It may roundly be asserted that human ingenuity cannot concoct a cipher
which human ingenuity cannot resolve."
-Edgar Allan Poe
=20
--=_3B619B9C.472643A6
Content-Type: text/plain
Content-Disposition: attachment; filename="Bob Jueneman.vcf"
BEGIN:VCARD
VERSION:2.1
X-GWTYPE:USER
FN:Bob Jueneman
TEL;WORK:01-801/861-7387
ORG:Novell Inc. -- the leading provider of Net services software;DS eBusiness Solutions
TEL;PREF;FAX:01-801/861-2522
EMAIL;WORK;PREF;NGW:BJUENEMAN@novell.com
N:Jueneman;Bob
TITLE:Consultant Engineer
ADR;INTL;WORK;PARCEL;POSTAL:;;Novell, Inc.\n1800 South Novell Place\n;Provo;Utah;84606;USA
LABEL;INTL;WORK;PARCEL;POSTAL;ENCODING=QUOTED-PRINTABLE:Bob Jueneman=0A=
Novell, Inc.=0A=
1800 South Novell Place=0A=
=0A=
Provo, Utah 84606=0A=
USA
LABEL;DOM;WORK;PARCEL;POSTAL;ENCODING=QUOTED-PRINTABLE:Bob Jueneman=0A=
Novell, Inc.=0A=
1800 South Novell Place=0A=
=0A=
Provo, Utah 84606
END:VCARD
BEGIN:VCARD
VERSION:2.1
X-GWTYPE:USER
FN:Robert R. Jueneman
TEL;WORK:01-801/861-7387
ORG:Novell, Inc.;DS eBusiness Solutions
TEL;PREF;FAX:01-801/861-2522
EMAIL;WORK;PREF;NGW:BJUENEMAN@novell.com
N:Jueneman;Bob
TITLE:Consultant Engineer
ADR;INTL;WORK;PARCEL;POSTAL:;PRV-F331;122 E. 1700 South;Provo;Utah;84606;USA
LABEL;INTL;WORK;PARCEL;POSTAL;ENCODING=QUOTED-PRINTABLE:Robert R. Jueneman=0A=
PRV-F331=0A=
122 E. 1700 South=0A=
Provo, Utah 84606=0A=
USA
LABEL;DOM;WORK;PARCEL;POSTAL;ENCODING=QUOTED-PRINTABLE:Robert R. Jueneman=0A=
PRV-F331=0A=
122 E. 1700 South=0A=
Provo, Utah 84606
TEL;HOME:1-801-765-4378
TEL;CELL:1-801-361-1410
TEL;PREF:1-801-861-7387, 1-800-453-1267
END:VCARD
--=_3B619B9C.472643A6--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85HJIN01464 for ietf-pkix-bks; Wed, 5 Sep 2001 10:19:18 -0700 (PDT)
Received: from peacock.verisign.com (peacock.verisign.com [65.205.251.73]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85HJHD01460 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 10:19:17 -0700 (PDT)
Received: from vhqpostal-gw2.verisign.com (mailer2.verisign.com [65.205.251.56]) by peacock.verisign.com (8.11.3/BCH1.7.5) with ESMTP id f85HGZm25331; Wed, 5 Sep 2001 10:16:35 -0700 (PDT)
Received: by vhqpostal-gw2.verisign.com with Internet Mail Service (5.5.2653.19) id <R514SMD6>; Wed, 5 Sep 2001 10:19:18 -0700
Message-ID: <2F3EC696EAEED311BB2D009027C3F4F40586974C@vhqpostal.verisign.com>
From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
To: "'Bob Jueneman'" <bjueneman@novell.com>, "Hallam-Baker, Phillip" <pbaker@verisign.com>
Cc: ietf-pkix@imc.org
Subject: RE: charter revisions
Date: Wed, 5 Sep 2001 10:19:13 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C1362E.E22BA070"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_000_01C1362E.E22BA070
Content-Type: text/plain;
charset="iso-8859-7"
Bob,
> I wasn't suggesting that logos should be restricted to
> end-entities, I was only pointing out that such a restriction
> would immediately make the issue of name subordination and
> misuse of the logo by some intermediate CA go away.
I didn't understand the problem. If you have bad intermediate CAs you have
rather more problems than just bad logos!
> I can see some significant marketing value in supporting an
> AUTHENTICATED use of a logo in an end-entity certificate, for
> example to convey a professional license or association
> membership in the case of an individual, and accredited
> membership in a trade or merchant association, such as a Visa brand.
Which is my interest. The fact that a logo must be authenticated is not a
problem if the market will bear the cost. I believe that customers would be
very pleased to pay an additional fee for an enhanced certificate.
> I also like your suggestion of a URL and a message digest,
> rather than attempting to transport the entire logo itself
> within the certificate. Both the retrieval and display of the
> logo could then be optional, and the logo could be cached
> within the browsers, etc. Although you didn't raise the point
> regarding the use by visually handicapped users, I was
> particularly impressed by the original reference to Scalable
> Vector Graphics, and to the potential use of alternate forms
> of identification, ranging from a audible logo (spoken, a
> commercial jingle, or whatever) to a braille pattern.
I don't see that disabilities issue is relevant. We are talking about an
additional feature, not the sole feature. Browsers for disabled users
already have to deal with the security issue. Logos would not make that
problem any harder. It is already possible to put the DN into Braille.
The spoken logo is more interesting because voice based applications are
increasing. The problem of distinguishing authenticated voice from
unauthenticated is considerably worse however.
> Of course it would be nice to have a solid indication of
> interest from the client software vendors to address the "if
> we build it will they come" question, but the absence of such
> a commitment certainly hasn't stopped us in the past, and it
> seems quite unlikely that we could ever obtain such a
> commitment when we are still debating the charter, and
> haven't begun to work on an RFC yet.
Absolutely, I just thought I would add in my one legitimate concern.
The concerns raised seemed to be mainly legal quibbles from non-lawyers. I
asked our lawyers and got a pretty enthusiastic response to the idea in
principle but as with the policy document they believe lawyers should be
involved in the drafting of the document. The idea of a legal considerations
section was well received.
> I don't mean to ignore or reject the valid concerns that have
> been expressed, but I do believe that sufficient technical
> progress has been made even in this limited dialogue to
> conclude that this is a valid work item, and one that has a
> least a reasonable chance of success.
I agree.
Phill
------_=_NextPart_000_01C1362E.E22BA070
Content-Type: application/octet-stream;
name="Phillip Hallam-Baker (E-mail).vcf"
Content-Disposition: attachment;
filename="Phillip Hallam-Baker (E-mail).vcf"
BEGIN:VCARD
VERSION:2.1
N:Hallam-Baker;Phillip
FN:Phillip Hallam-Baker (E-mail)
ORG:VeriSign
TITLE:Principal Consultant
TEL;WORK;VOICE:(781) 245-6996 x227
EMAIL;PREF;INTERNET:hallam@verisign.com
REV:20010214T163732Z
END:VCARD
------_=_NextPart_000_01C1362E.E22BA070--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85H4nB01067 for ietf-pkix-bks; Wed, 5 Sep 2001 10:04:49 -0700 (PDT)
Received: from eagle.verisign.com (eagle.verisign.com [208.206.241.105]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85H4mD01063 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 10:04:48 -0700 (PDT)
Received: from postal-gw1.verisign.com (verisign.com [63.104.27.101]) by eagle.verisign.com (8.9.3/BCH1.7.1) with ESMTP id KAA10426; Wed, 5 Sep 2001 10:05:53 -0700 (PDT)
Received: by postal-gw.verisign.com with Internet Mail Service (5.5.2654.89) id <R5Q8C4CJ>; Wed, 5 Sep 2001 10:02:37 -0700
Message-ID: <C713C1768C55D3119D200090277AEECA023447AB@postal.verisign.com>
From: "Flynn, Michael" <MFlynn@verisign.com>
To: "'Ryan Hurst'" <ryanh@valicert.com>, IETF-PKIX <ietf-pkix@imc.org>
Subject: RE: Removing expired certificates from CRLs.....
Date: Wed, 5 Sep 2001 10:02:33 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2654.89)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1362C.8E3F2B50"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C1362C.8E3F2B50
Content-Type: text/plain;
charset="iso-8859-1"
Ryan,
Ryan wrote::
Now logically it makes sense to remove certificates that are expired from
CRLs to control size, yes this has a negative point specifically it prevents
CRLs from being used as a non-repudiation source; but this is mute due to
many other issues.
At least regarding removing expired certs from CRLs, I would think that
non-repudiation can be satisfied by keeping the old CRLs in back up storage
for some length of time. That time being how far back in time a contract
dispute might go; ten years, twenty? So long as you could get them off
tape for the lawyers to look at the legal process would be satisfied, they
don't need to be online forever.
Michael
-----Original Message-----
From: Ryan Hurst [mailto:ryanh@valicert.com]
Sent: Tuesday, September 04, 2001 8:50 PM
To: IETF-PKIX
Subject: Removing expired certificates from CRLs.....
I was speaking with Peter Williams today about the removal of expired
certificates from CRLs; I have always been under the belief that this
behavior was optional, I vaguely remembered reading text in 2459 along those
lines; additionally I know of several commercial CAs that do not remove the
expired certificates from their CRLs. Peter on the other hand was under the
impression that it was a mandate to remove CRLs; he too remembered reading
text in 2459 to support is position.
So we each pulled out the RFC and found that we were both right!
Specifically both sections 3.3 and 8.6.2.2 have text on this subject:
3.3 Revocation
When a certificate is issued, it is expected to be in use for its entire
validity period. However, various circumstances may cause a certificate to
become invalid prior to the expiration of the validity period.
....
An entry is added to the CRL as part of the next update following
notification of revocation. An entry may be removed from the CRL after
appearing on one regularly scheduled CRL issued beyond the revoked
certificate's validity period.
8.6.2.2 Issuing distribution point extension
This CRL extension field identifies the CRL distribution point for this
particular CRL, and indicates if the CRL is limited to revocations for
end-entity certificates only, for authority certificates only, or for a
limited set of reasons only. The CRL is signed by the CRL issuer's key- CRL
distribution points do not have their own key pairs. However, for a CRL
distributed via the Directory, the CRL is stored in the entry of the CRL
distribution point, which may not be the directory entry of the CRL issuer.
If this field is absent, the CRL shall contain entries for all revoked
unexpired certificates issued by the CRL issuer.
....
The distributionPoint component contains the name of the distribution point
in one or more name forms. If this field is absent, the CRL shall contain
entries for all revoked certificates issued by the CRL issuer. After a
certificate appears on a CRL, it is deleted from a subsequent CRL after the
certificate's expiry.
Although section 8.6.2.2 is specifically in regards to CRLdps, any
difference between full CRLs and CRLdps in this case I feel would be an
arbitrary one.
Now logically it makes sense to remove certificates that are expired from
CRLs to control size, yes this has a negative point specifically it prevents
CRLs from being used as a non-repudiation source; but this is mute due to
many other issues.
That being the case I think; and I believe Peter would agree the correct
thing to do is to remove these expired/revoked entries from the CRL.
The question now is what is the PKIX stance on this matter?
Ryan M. Hurst
ValiCert, Inc.
"It may roundly be asserted that human ingenuity cannot concoct a cipher
which human ingenuity cannot resolve."
-Edgar Allan Poe
------_=_NextPart_001_01C1362C.8E3F2B50
Content-Type: text/html;
charset="iso-8859-1"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word" xmlns:st1 =
"urn:schemas-microsoft-com:office:smarttags"><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META content=Word.Document name=ProgId>
<META content="MSHTML 5.50.4616.200" name=GENERATOR>
<META content="Microsoft Word 10" name=Originator><LINK
href="cid:filelist.xml@01C13583.EFC4BB00" rel=File-List><o:SmartTagType
name="PersonName"
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:GrammarState>Clean</w:GrammarState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:UseFELayout/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if !mso]>
<STYLE>
st1\:*{behavior:url(#default#ieooui) }
</STYLE>
<![endif]-->
<STYLE>
<!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;
mso-font-alt:\5B8B\4F53;
mso-font-charset:134;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 135135232 16 0 262145 0;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;
mso-font-charset:134;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 135135232 16 0 262145 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:SimSun;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;
text-underline:single;}
span.EmailStyle17
{mso-style-type:personal-compose;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:windowtext;}
span.SpellE
{mso-style-name:"";
mso-spl-e:yes;}
span.GramE
{mso-style-name:"";
mso-gram-e:yes;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-->
</STYLE>
<!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]--></HEAD>
<BODY lang=EN-US style="tab-interval: .5in" vLink=purple link=blue>
<DIV><SPAN class=537505516-05092001><FONT face="Courier New"
size=2>Ryan,</FONT></SPAN></DIV>
<DIV><SPAN class=537505516-05092001><FONT face="Courier New"
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=537505516-05092001><FONT face="Courier New" size=2>Ryan
wrote::</DIV>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Now logically it makes sense to
remove certificates that are expired from <SPAN class=SpellE>CRLs</SPAN> to
control size, yes this has a negative point specifically it prevents <SPAN
class=SpellE>CRLs</SPAN> from being used as a non-repudiation source; but this
is mute due to many other issues.</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p><SPAN
class=537505516-05092001>At least regarding removing expired certs from CRLs, I
would think that non-repudiation can be satisfied by keeping the old CRLs in
back up storage for some length of time. That time being how far back in
time a contract dispute might go; ten years, twenty? So long as you could
get them off tape for the lawyers to look at the legal process would be
satisfied, they don't need to be online forever. </SPAN></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p><SPAN
class=537505516-05092001></SPAN></o:p></SPAN><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p><SPAN
class=537505516-05092001></SPAN></o:p></SPAN> </P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p><SPAN
class=537505516-05092001>Michael</SPAN></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p><SPAN
class=537505516-05092001></SPAN></o:p></SPAN> </P></FONT></SPAN>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Ryan Hurst
[mailto:ryanh@valicert.com]<BR><B>Sent:</B> Tuesday, September 04, 2001 8:50
PM<BR><B>To:</B> IETF-PKIX<BR><B>Subject:</B> Removing expired certificates
from CRLs.....<BR><BR></FONT></DIV>
<DIV class=Section1>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I was speaking with
</SPAN></FONT><st1:PersonName><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Peter
Williams</SPAN></FONT></st1:PersonName><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> today about the removal of
expired certificates from <SPAN class=SpellE>CRLs</SPAN>; I have always been
under the belief that this behavior was optional, I vaguely remembered reading
text in 2459 along those lines; additionally I know of several commercial
<SPAN class=SpellE>CAs</SPAN> that do not remove the expired certificates from
their <SPAN class=SpellE>CRLs</SPAN>. Peter on the other hand was under the
impression that it was a mandate to remove <SPAN class=SpellE>CRLs</SPAN>; he
too remembered reading text in 2459 to support is
position.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">So we each pulled out the RFC and
found that we were both right! Specifically both sections 3.3 and 8.6.2.2 have
text on this subject:<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal
style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt; mso-layout-grid-align: none"><SPAN
class=GramE><B style="mso-bidi-font-weight: normal"><FONT face=Arial
size=2><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: Arial; mso-bidi-font-weight: normal">3.3<SPAN
style="mso-spacerun: yes"> </SPAN>Revocation</SPAN></FONT></B></SPAN><B
style="mso-bidi-font-weight: normal"><FONT face=Arial size=2><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: Arial; mso-bidi-font-weight: normal"><o:p></o:p></SPAN></FONT></B></P>
<P class=MsoNormal
style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt; mso-layout-grid-align: none"><FONT
face=Arial size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">When a
certificate is issued, it is expected to be in use for its entire validity
period.<SPAN style="mso-spacerun: yes"> </SPAN>However, various
circumstances may cause a certificate to become invalid prior to the
expiration of the validity period.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal
style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt; mso-layout-grid-align: none"><FONT
face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal style="mso-layout-grid-align: none"><FONT face=Arial
size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">....<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="mso-layout-grid-align: none"><FONT face=Arial
size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal
style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt; mso-layout-grid-align: none"><FONT
face=Arial size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">An entry
is added to the CRL as part of the next update following notification of
revocation. <B><I><SPAN style="FONT-WEIGHT: bold; FONT-STYLE: italic">An entry
may be removed from the CRL after appearing on one regularly scheduled CRL
issued beyond the revoked certificate's validity
period.</SPAN></I></B><o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal style="mso-layout-grid-align: none"><B><FONT face=Arial
size=2><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: Arial">8.6.2.2 Issuing
distribution point extension<o:p></o:p></SPAN></FONT></B></P>
<P class=MsoNormal style="mso-layout-grid-align: none"><FONT face=Arial
size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">This CRL extension
field identifies the CRL distribution point for this particular CRL, and
indicates if the CRL is limited to revocations for end-entity certificates
only, for authority certificates only, or for a limited set of reasons only.
The CRL is signed by the CRL issuer's key- CRL distribution points do not have
their own key pairs. However, for a CRL distributed via the Directory, the CRL
is stored in the entry of the CRL distribution point, which may not be the
directory entry of the CRL issuer.<I><SPAN style="FONT-STYLE: italic">
<B><SPAN style="FONT-WEIGHT: bold">If this field is absent, the CRL shall
contain entries for all revoked <SPAN class=SpellE>unexpired</SPAN>
certificates issued by the CRL
issuer.</SPAN></B><o:p></o:p></SPAN></I></SPAN></FONT></P>
<P class=MsoNormal style="mso-layout-grid-align: none"><I><FONT face=Arial
size=2><SPAN
style="FONT-SIZE: 10pt; FONT-STYLE: italic; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></I></P>
<P class=MsoNormal style="mso-layout-grid-align: none"><FONT face=Arial
size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">....<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal style="mso-layout-grid-align: none"><FONT face=Arial
color=blue size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal style="mso-layout-grid-align: none"><FONT face=Arial
size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">The
</SPAN></FONT><SPAN class=SpellE><B><FONT face=Arial size=1><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 9pt; FONT-FAMILY: Arial">distributionPoint</SPAN></FONT></B></SPAN><B><FONT
face=Arial size=1><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 9pt; FONT-FAMILY: Arial">
</SPAN></FONT></B><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">component contains the name of the
distribution point in one or more name forms. If this field is absent, the CRL
shall contain entries for all revoked certificates issued by the CRL issuer.
<B><I><SPAN style="FONT-WEIGHT: bold; FONT-STYLE: italic">After a certificate
appears on a CRL, it is deleted from a subsequent CRL after the certificate's
expiry.<o:p></o:p></SPAN></I></B></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Although section 8.6.2.2 is
specifically in regards to <SPAN class=SpellE>CRLdps</SPAN>, any difference
between full <SPAN class=SpellE>CRLs</SPAN> and <SPAN
class=SpellE>CRLdps</SPAN> in this case I feel would be an arbitrary one.
<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Now logically it makes sense to
remove certificates that are expired from <SPAN class=SpellE>CRLs</SPAN> to
control size, yes this has a negative point specifically it prevents <SPAN
class=SpellE>CRLs</SPAN> from being used as a non-repudiation source; but this
is mute due to many other issues.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">That being the case I think; and I
believe Peter would agree the correct thing to do is to remove these
expired/revoked entries from the CRL. <o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">The question now is what is the
PKIX stance on this matter?<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Ryan M.
Hurst<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">ValiCert,
Inc.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<BLOCKQUOTE style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt">
<P class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt; FONT-STYLE: italic; mso-no-proof: yes">"It may
roundly be asserted that human ingenuity cannot concoct a cipher which human
ingenuity cannot resolve."</SPAN></FONT></I><SPAN
style="mso-no-proof: yes"><o:p></o:p></SPAN></P></BLOCKQUOTE>
<BLOCKQUOTE style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt">
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt; mso-no-proof: yes">-Edgar Allan
Poe</SPAN><o:p></o:p></FONT></P></BLOCKQUOTE>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></P></DIV></BLOCKQUOTE></BODY></HTML>
------_=_NextPart_001_01C1362C.8E3F2B50--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85Gl4900700 for ietf-pkix-bks; Wed, 5 Sep 2001 09:47:04 -0700 (PDT)
Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85Gl2D00695 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 09:47:02 -0700 (PDT)
Received: from INET-PRV-MTA by prv-mail20.provo.novell.com with Novell_GroupWise; Wed, 05 Sep 2001 10:47:00 -0600
Message-Id: <sb9602a4.074@prv-mail20.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 6.0
Date: Wed, 05 Sep 2001 10:49:21 -0600
From: "Bob Jueneman" <bjueneman@novell.com>
To: <pbaker@verisign.com>
Cc: <ietf-pkix@imc.org>
Subject: RE: charter revisions
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-7
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id f85Gl3D00696
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Hi, Phillip,
Although you didn't attach my note, you seemed to be responding to some of my comments, at least in part, so at the risk of violently agreeing with you, let me comment further.
I wasn't suggesting that logos should be restricted to end-entities, I was only pointing out that such a restriction would immediately make the issue of name subordination and misuse of the logo by some intermediate CA go away.
I can see some significant marketing value in supporting an AUTHENTICATED use of a logo in an end-entity certificate, for example to convey a professional license or association membership in the case of an individual, and accredited membership in a trade or merchant association, such as a Visa brand.
Whether multi-cultural issues are sufficient to place the Coca-Cola logo in a certificate, I'm not so sure, but I certainly wouldn't rule out the possibility, as I discussed with the Air Canada example. Standards organizations sometimes tend to be rather cavalier in such regards ¯ sort of a "let them eat ASCII" type of attitude. But I'd certainly prefer to see the Sony name/logotype displayed than I would their name in katakana, much less in Japanese ideographs.
But I also see considerable merit in your suggestion of a trust brand, to replace the "silly padlock". In many respects, it could be a human-readable equivalent of a CP, which is otherwise nearly useless in current practice, I believe.
(BTW, someone informed me that null crypto, e.g., plaintext, is a valid option in SSL, and worse yet, that if that option were selected because it was all that was available, the padlock icon would still appear and the https requirement for SSL security would be satisfied. Can anyone confirm that?)
I also like your suggestion of a URL and a message digest, rather than attempting to transport the entire logo itself within the certificate. Both the retrieval and display of the logo could then be optional, and the logo could be cached within the browsers, etc. Although you didn't raise the point regarding the use by visually handicapped users, I was particularly impressed by the original reference to Scalable Vector Graphics, and to the potential use of alternate forms of identification, ranging from a audible logo (spoken, a commercial jingle, or whatever) to a braille pattern.
Of course it would be nice to have a solid indication of interest from the client software vendors to address the "if we build it will they come" question, but the absence of such a commitment certainly hasn't stopped us in the past, and it seems quite unlikely that we could ever obtain such a commitment when we are still debating the charter, and haven't begun to work on an RFC yet.
I don't mean to ignore or reject the valid concerns that have been expressed, but I do believe that sufficient technical progress has been made even in this limited dialogue to conclude that this is a valid work item, and one that has a least a reasonable chance of success.
We aren't trying to square the circle using straight-edge and compass, nor are we trying to invent a perpetual motion machine. And yes, as Peter Gutman has demonstrated, anyone could include my gedanken MPEG of a cat in a certificate in any ad hoc way they wanted to, even in the DN if they were so inclined. One of major purposes of a group such as this is to try to herd all of the cats into a reasonably straight line, and towards an agreed-upon objective, just so that kind of ad hockery doesn't occur.
But no one is forced to contribute to such an RFC, or even read it, if they lack the energy.:-)
Bob
>>> "Hallam-Baker, Phillip" <pbaker@verisign.com> 09/05/01 09:17AM >>>
Why do logotypes have to be restricted to end entity certificates?
The most usefull place for a logo is in the root certificate so that you
know the trust brand that you are relying upon. Instead of the silly padlock
there should be an icon telling you who the trust provider is (Thawte,
VeriSign, etc.) and the strength (128bit, 40bit, WEP, etc.)
As for the complexity of cross certification etc., if logotypes don't work
in those situations then don't use them. We better hope that the
introduction of logotypes does not cause a problem with the cross
certification mechanism as some seem to believe since if that were true it
would indicate that the cross certification mechanism was broken (which
would imply adding a WG charter item to fix it which I do not see anyone
proposing).
I do consider the introduction of logotypes to be an intrinsic difficulty
for the CA or RA. Whether they would consider the market for them to be
worthwhile is another matter, likely to closely track the level of client
support.
I have not seen a convincing argument on the trademark issue. The registrar
will simply have to authenticate the ownership of the mark the same they
would any other piece of information, and presumably charge accordingly.
This can be subject to a CPS etc.
These issues may not be simple, however the degree of difficulty is
certainly not so great that the idea should be thrown out as some appear to
imply. If there really is concern we can go ask some lawyers and write a
'legal considerations' section to go along with the 'security
considerations' section.
The issue of far greater interest to me is whether any makers of client
application software have any interest in supporting the scheme. If not it
would simply be another crenelation on the specification.
Another issue is size. I don't much want to see the size of certificates
increase yet further. Perhaps a hash of the image and a URL would be
preferable. Perhaps something a bit more.
At any rate there is certainly enough to justify a WG item. If the WG
ultimately decides that it cannot solve the legal and technical difficulties
it can write a note explaining them for the benefit of future WGs.
Phill
Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227
> -----Original Message-----
> From: Steve Hanna [mailto:steve.hanna@sun.com]
> Sent: Wednesday, September 05, 2001 10:19 AM
> To: Paul Hoffman / IMC
> Cc: ietf-pkix@imc.org
> Subject: Re: charter revisions
>
>
>
> Paul Hoffman / IMC wrote:
> > At 11:58 AM -0400 9/4/01, Steve Hanna wrote:
> > >Unless the author of the Internet Draft indicates otherwise, I will
> > >assume that the primary purpose of putting logotypes in
> certificates
> > >is so that users can view them to make decisions about whether the
> > >certificates are trustworthy. In that case, the risks are
> much greater
> > >than those for the use case you described.
> >
> > Are the risks any greater than what we have in 2459 now
> with spelling
> > errors or things like "FooCA type 1 certificate" vs. "FooCA type 2
> > certificate"? I agree with Russ that the benefits are
> higher, but I'm
> > not at all convinced that the risks are higher.
>
> Yes, the risks are greater than those encountered with textual names.
> For one thing, name constraints provide an effective way to limit the
> portion of the name space that can be reached via a cross certificate.
> No corresponding mechanism has been suggested for logotypes
> nor does it
> seem likely that such a mechanism could be developed.
>
> My original email cited several other security risks that are greater
> for logotypes than for textual names: CAs may find it harder
> to verify a
> certificate requester's right to use a logotype than their
> right to use
> a textual name and logotypes may change appearance radically on
> different devices. Several other risks have been pointed out in the
> recent email discussion: users may not be able to distinguish one
> logotype from another, users may not recall which logotype corresponds
> to which entity, and logotypes are not accessible to vision-impaired
> users or usable on text-only terminals.
>
> > >Unless we can develop a fairly secure way to meet the "marketing
> > >requirement" for logotypes in certificates, I would say that it is
> > >our obligation as an IETF working group to NOT accept this as a
> > >work item. Much better to have multiple incompatible ways
> > >to do something insecure (probably resulting in little deployment
> > >of this feature) than to have the PKIX working group issue an RFC
> > >explaining the one true way to do it. We are in the Security area,
> > >after all!
> >
> > The end of that paragraph doesn't follow from the beginning of the
> > paragraph. As long as the method we described doesn't have any
> > security holes, it doesn't matter if we meet some pre-existing
> > marketing "need". Further, some of the multiple, non-interoperable
> > protocols are likely to have security problems; that is worse than
> > having one protocol that doesn't meet the need of some CAs.
>
> The whole paragraph should be considered predicated by the
> first clause
> ("Unless..."). If that clause does not apply (i.e., we can develop a
> fairly secure way to place logotypes in certificates), then I
> don't have
> any objection to having this as a PKIX work item. But I have seen no
> sign that the objections raised so far can be overcome.
>
> > Mike Myers wrote:
> > >I agree with Stephen Farrell and Steve Hanna that logotypes are
> > >out of scope.
> >
> > They are out of scope; the discussion is whether to add them to
> > the scope.
>
> Of course, you are right. This is a charter discussion.
>
> RFC 2418 (BCP 25) says that "IETF developed technologies
> should not add
> insecurity to the environment in which they run." The IESG
> has enforced
> this in the past and it seems especially pertinent to a
> working group in
> the Security Area. I doubt that the IESG or the Security ADs
> will accept
> this work item in our charter unless we can argue convincingly that we
> can develop something that would not add insecurity to the environment
> in which it is run. I don't think we're there yet.
>
> -Steve
>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85FHg224525 for ietf-pkix-bks; Wed, 5 Sep 2001 08:17:42 -0700 (PDT)
Received: from peacock.verisign.com (peacock.verisign.com [65.205.251.73]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85FHfD24519 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 08:17:41 -0700 (PDT)
Received: from vhqpostal-gw1.verisign.com (mailer1.verisign.com [65.205.251.55]) by peacock.verisign.com (8.11.3/BCH1.7.5) with ESMTP id f85FEvm04887 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 08:14:57 -0700 (PDT)
Received: by vhqpostal-gw1.verisign.com with Internet Mail Service (5.5.2653.19) id <R5GA3YKM>; Wed, 5 Sep 2001 08:17:40 -0700
Message-ID: <2F3EC696EAEED311BB2D009027C3F4F40586974A@vhqpostal.verisign.com>
From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
To: ietf-pkix@imc.org
Subject: RE: charter revisions
Date: Wed, 5 Sep 2001 08:17:28 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C1361D.E0596130"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_000_01C1361D.E0596130
Content-Type: text/plain;
charset="iso-8859-1"
Why do logotypes have to be restricted to end entity certificates?
The most usefull place for a logo is in the root certificate so that you
know the trust brand that you are relying upon. Instead of the silly padlock
there should be an icon telling you who the trust provider is (Thawte,
VeriSign, etc.) and the strength (128bit, 40bit, WEP, etc.)
As for the complexity of cross certification etc., if logotypes don't work
in those situations then don't use them. We better hope that the
introduction of logotypes does not cause a problem with the cross
certification mechanism as some seem to believe since if that were true it
would indicate that the cross certification mechanism was broken (which
would imply adding a WG charter item to fix it which I do not see anyone
proposing).
I do consider the introduction of logotypes to be an intrinsic difficulty
for the CA or RA. Whether they would consider the market for them to be
worthwhile is another matter, likely to closely track the level of client
support.
I have not seen a convincing argument on the trademark issue. The registrar
will simply have to authenticate the ownership of the mark the same they
would any other piece of information, and presumably charge accordingly.
This can be subject to a CPS etc.
These issues may not be simple, however the degree of difficulty is
certainly not so great that the idea should be thrown out as some appear to
imply. If there really is concern we can go ask some lawyers and write a
'legal considerations' section to go along with the 'security
considerations' section.
The issue of far greater interest to me is whether any makers of client
application software have any interest in supporting the scheme. If not it
would simply be another crenelation on the specification.
Another issue is size. I don't much want to see the size of certificates
increase yet further. Perhaps a hash of the image and a URL would be
preferable. Perhaps something a bit more.
At any rate there is certainly enough to justify a WG item. If the WG
ultimately decides that it cannot solve the legal and technical difficulties
it can write a note explaining them for the benefit of future WGs.
Phill
Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227
> -----Original Message-----
> From: Steve Hanna [mailto:steve.hanna@sun.com]
> Sent: Wednesday, September 05, 2001 10:19 AM
> To: Paul Hoffman / IMC
> Cc: ietf-pkix@imc.org
> Subject: Re: charter revisions
>
>
>
> Paul Hoffman / IMC wrote:
> > At 11:58 AM -0400 9/4/01, Steve Hanna wrote:
> > >Unless the author of the Internet Draft indicates otherwise, I will
> > >assume that the primary purpose of putting logotypes in
> certificates
> > >is so that users can view them to make decisions about whether the
> > >certificates are trustworthy. In that case, the risks are
> much greater
> > >than those for the use case you described.
> >
> > Are the risks any greater than what we have in 2459 now
> with spelling
> > errors or things like "FooCA type 1 certificate" vs. "FooCA type 2
> > certificate"? I agree with Russ that the benefits are
> higher, but I'm
> > not at all convinced that the risks are higher.
>
> Yes, the risks are greater than those encountered with textual names.
> For one thing, name constraints provide an effective way to limit the
> portion of the name space that can be reached via a cross certificate.
> No corresponding mechanism has been suggested for logotypes
> nor does it
> seem likely that such a mechanism could be developed.
>
> My original email cited several other security risks that are greater
> for logotypes than for textual names: CAs may find it harder
> to verify a
> certificate requester's right to use a logotype than their
> right to use
> a textual name and logotypes may change appearance radically on
> different devices. Several other risks have been pointed out in the
> recent email discussion: users may not be able to distinguish one
> logotype from another, users may not recall which logotype corresponds
> to which entity, and logotypes are not accessible to vision-impaired
> users or usable on text-only terminals.
>
> > >Unless we can develop a fairly secure way to meet the "marketing
> > >requirement" for logotypes in certificates, I would say that it is
> > >our obligation as an IETF working group to NOT accept this as a
> > >work item. Much better to have multiple incompatible ways
> > >to do something insecure (probably resulting in little deployment
> > >of this feature) than to have the PKIX working group issue an RFC
> > >explaining the one true way to do it. We are in the Security area,
> > >after all!
> >
> > The end of that paragraph doesn't follow from the beginning of the
> > paragraph. As long as the method we described doesn't have any
> > security holes, it doesn't matter if we meet some pre-existing
> > marketing "need". Further, some of the multiple, non-interoperable
> > protocols are likely to have security problems; that is worse than
> > having one protocol that doesn't meet the need of some CAs.
>
> The whole paragraph should be considered predicated by the
> first clause
> ("Unless..."). If that clause does not apply (i.e., we can develop a
> fairly secure way to place logotypes in certificates), then I
> don't have
> any objection to having this as a PKIX work item. But I have seen no
> sign that the objections raised so far can be overcome.
>
> > Mike Myers wrote:
> > >I agree with Stephen Farrell and Steve Hanna that logotypes are
> > >out of scope.
> >
> > They are out of scope; the discussion is whether to add them to
> > the scope.
>
> Of course, you are right. This is a charter discussion.
>
> RFC 2418 (BCP 25) says that "IETF developed technologies
> should not add
> insecurity to the environment in which they run." The IESG
> has enforced
> this in the past and it seems especially pertinent to a
> working group in
> the Security Area. I doubt that the IESG or the Security ADs
> will accept
> this work item in our charter unless we can argue convincingly that we
> can develop something that would not add insecurity to the environment
> in which it is run. I don't think we're there yet.
>
> -Steve
>
------_=_NextPart_000_01C1361D.E0596130
Content-Type: application/octet-stream;
name="Phillip Hallam-Baker (E-mail).vcf"
Content-Disposition: attachment;
filename="Phillip Hallam-Baker (E-mail).vcf"
BEGIN:VCARD
VERSION:2.1
N:Hallam-Baker;Phillip
FN:Phillip Hallam-Baker (E-mail)
ORG:VeriSign
TITLE:Principal Consultant
TEL;WORK;VOICE:(781) 245-6996 x227
EMAIL;PREF;INTERNET:hallam@verisign.com
REV:20010214T163732Z
END:VCARD
------_=_NextPart_000_01C1361D.E0596130--
Received: by above.proper.com (8.11.6/8.11.3) id f85EqdH23774 for ietf-pkix-bks; Wed, 5 Sep 2001 07:52:39 -0700 (PDT)
Received: from gto-mailer1.bbn.com (cam-mailer1.bbn.com [128.33.0.36]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85EqbD23770 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 07:52:37 -0700 (PDT)
Received: from [128.33.84.34] (comsec.bbn.com [128.33.84.34]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with ESMTP id KAA27581; Wed, 5 Sep 2001 10:54:24 -0400 (EDT)
Mime-Version: 1.0
X-Sender: kent@po1.bbn.com
Message-Id: <p05010406b7bbeb93305a@[128.33.84.34]>
In-Reply-To: <3B95D12A.FD72B6EF@bull.net>
References: <p0501040bb7a8214adf35@[128.33.84.34]> <3B950681.9355D577@bull.net> <p05010404b7babe9a79ed@[128.33.84.34]> <3B95D12A.FD72B6EF@bull.net>
Date: Wed, 5 Sep 2001 10:47:58 -0400
To: Denis Pinkas <Denis.Pinkas@bull.net>
From: Stephen Kent <kent@bbn.com>
Subject: Re: charter revisions
Cc: ietf-pkix@imc.org
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
At 9:15 AM +0200 9/5/01, Denis Pinkas wrote:
>Steve,
>
>(deleted text)
>
>> >I also found that 3/02 for DPV/DPD Protocols RFCs, may be a little bit
>> >optimistic. 3/04 would probably be more appropriate.
>
>> OK, I'll make that change.
>
>With the writing of dates in the reverse way between my country and yours,
>I got confused. I was thinking that April 2002 would be reasonable, not
>for the RFC being published (by experience we know that it takes months
>between an IETF last call being passed and an RFC publication), but for
>a WG last call.
>
>So if we assume WG Last call in April 2002 and IETF last call in June 2002,
>then we add 6 months for publication and this makes December 2002 (12/02,
>I presume) for a possible publication.
>
>Denis
OK.
Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85Eg8121644 for ietf-pkix-bks; Wed, 5 Sep 2001 07:42:08 -0700 (PDT)
Received: from gto-mailer1.bbn.com (cam-mailer1.bbn.com [128.33.0.36]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85Eg6D21640 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 07:42:06 -0700 (PDT)
Received: from [128.33.84.34] (comsec.bbn.com [128.33.84.34]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with ESMTP id KAA24962 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 10:44:25 -0400 (EDT)
Mime-Version: 1.0
X-Sender: kent@po1.bbn.com
Message-Id: <p05010405b7bbe821612c@[128.33.84.34]>
In-Reply-To: <sb94e051.032@prv-mail20.provo.novell.com>
References: <sb94e051.032@prv-mail20.provo.novell.com>
Date: Wed, 5 Sep 2001 10:42:59 -0400
To: <ietf-pkix@imc.org>
From: Stephen Kent <kent@bbn.com>
Subject: RE: charter revisions
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Folks,
There seems to be some misunderstanding about the future of PKIX,
that has arisen as a side effect of the charter discussions.
PKIX is far from the longest lived WG, or even the longest lived
security WG, as some comments have suggested. Check out the lifetime
of CAT for example.
Neither co-chair has suggested that they are running out of energy,
although that characterization was made about the WG.
In addition to new work items, we have a long term commitment to
progressing our current, standards track RFCs through to full
standard status, and we anticipate continuing interactions with the
X.509 committee as the base standards that we profile continue to
evolve. We have had very good interactions with the X.509 committee
members over the years; both groups have benefited from the give and
take.
Finally, people are always free to pursue PKI-related activities in
other fora, e.g., industry consortia. However, these other fora
usually do not operate in the same fashion as an IETF WG, e.g., they
have different agendas, different "membership" requirements, and one
ought not expect the output to be the same. Thus I do not anticipate
PKIX ceding its role in this arena to such fora.
Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85EdU221550 for ietf-pkix-bks; Wed, 5 Sep 2001 07:39:30 -0700 (PDT)
Received: from email.nist.gov (email.nist.gov [129.6.2.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85EdSD21546 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 07:39:29 -0700 (PDT)
Received: from krdp2 (krdp2.ncsl.nist.gov [129.6.54.107]) by email.nist.gov (8.9.3/8.9.3) with ESMTP id KAA03856 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 10:39:29 -0400 (EDT)
Message-Id: <4.2.2.20010905102623.00be2ad0@email.nist.gov>
X-Sender: cooper@email.nist.gov
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
Date: Wed, 05 Sep 2001 10:38:41 -0400
To: IETF-PKIX <ietf-pkix@imc.org>
From: "David A. Cooper" <david.cooper@nist.gov>
Subject: Re: Removing expired certificates from CRLs.....
In-Reply-To: <5.1.0.14.0.20010905154128.028d6980@exchsvr1.entegrity.com>
References: <3B962702.FE312F@bull.net> <5.1.0.14.0.20010905095301.0292a7c0@exchsvr1.entegrity.com> <5.1.0.14.0.20010905144446.028ef020@exchsvr1.entegrity.com>
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="=====================_6098898==_.ALT"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
--=====================_6098898==_.ALT
Content-Type: text/plain; charset="us-ascii"
At 03:53 PM 9/5/01 +0200, Nada Kapidzic Cicovic wrote:
>Denis,
>
>I was making comments on the text which Ryan extracted in his mail, assuming that they were from the son-of-RFC2459.
>
>In particular the last sentence in this paragraph:
>
>The distributionPoint component contains the name of the distribution point in one or more name forms. If this field is absent, the CRL shall contain entries for all revoked certificates issued by the CRL issuer. After a certificate appears on a CRL, it is deleted from a subsequent CRL after the certificate's expiry.
>
>However, after getting your comment I realized that this sentence and the referred section 8.6.2.2 comes from the X.509 (the latest version that I have on my disk is X_509_4thEditionDraftV6, and it contains the above text).
I have X_509_4thEditionDraftV8 on my computer and it appears that this has been fixed. I now says "After a certificate appears on a CRL, it may be deleted from a subsequent CRL after the certificates expiry." I didn't bother to look at son-of-2459.
In any case, both X.509 and son-of-2459 should say that a certificate may be deleted from a CRL after it has expired. In general, though, I don't think there is much benefit to leaving expired certificates on CRLs. The problem is that, at the moment, if an expired certificate is not listed on a CRL, there is no way to determine whether it is not listed because it was never revoked or if it was revoked but is not listed because it was removed after expiration.
Some time ago, there was a suggestion to create a new, non-critical CRL extension that would specify whether an expired certificate was covered by a CRL (e.g., the extension could state: "This CRL includes all revoked certificates that expire(d) after Jan. 1, 2001 (i.e., notAfter >= 010101000000Z)."). There didn't seem to be much support for this idea, so the extension was never created.
>The current text of the son-of-RFC2459 does not seem to contain it or any other misleading sentences regarding this issue.
>
>Sorry for the confusion.
>
>Nada
--=====================_6098898==_.ALT
Content-Type: text/html; charset="us-ascii"
<html>
At 03:53 PM 9/5/01 +0200, Nada Kapidzic Cicovic wrote:<br>
<blockquote type=cite cite>Denis,<br>
<br>
I was making comments on the text which Ryan extracted in his mail,
assuming that they were from the son-of-RFC2459.<br>
<br>
In particular the last sentence in this paragraph:<br>
<br>
The <font size=2><b>distributionPoint </font></b>component contains the
name of the distribution point in one or more name forms. If this field
is absent, the CRL shall contain entries for all revoked certificates
issued by the CRL issuer. <b><i>After a certificate appears on a CRL, it
is deleted from a subsequent CRL after the certificate's expiry.<br>
<br>
</b></i>However, after getting your comment I realized that this sentence
and the referred section 8.6.2.2 comes from the X.509 (the latest version
that I have on my disk is X_509_4thEditionDraftV6, and it contains the
above text). </blockquote><br>
I have X_509_4thEditionDraftV8 on my computer and it appears that this
has been fixed. I now says "After a certificate appears on a CRL, it
<b>may be</b> deleted from a subsequent CRL after the certificates
expiry." I didn't bother to look at son-of-2459.<br>
<br>
In any case, both X.509 and son-of-2459 should say that a certificate may
be deleted from a CRL after it has expired. In general, though, I
don't think there is much benefit to leaving expired certificates on
CRLs. The problem is that, at the moment, if an expired certificate
is not listed on a CRL, there is no way to determine whether it is not
listed because it was never revoked or if it was revoked but is not
listed because it was removed after expiration.<br>
<br>
Some time ago, there was a suggestion to create a new, non-critical CRL
extension that would specify whether an expired certificate was covered
by a CRL (e.g., the extension could state: "This CRL includes all
revoked certificates that expire(d) after Jan. 1, 2001 (i.e., notAfter
>= 010101000000Z)."). There didn't seem to be much support for
this idea, so the extension was never created.<br>
<br>
<blockquote type=cite cite>The current text of the son-of-RFC2459 does
not seem to contain it or any other misleading sentences regarding this
issue. <br>
<br>
Sorry for the confusion.<br>
<br>
Nada</blockquote><br>
</html>
--=====================_6098898==_.ALT--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85EbH721514 for ietf-pkix-bks; Wed, 5 Sep 2001 07:37:17 -0700 (PDT)
Received: from menelao.polito.it (menelao.polito.it [130.192.3.30]) by above.proper.com (8.11.6/8.11.3) with SMTP id f85EbGD21510 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 07:37:16 -0700 (PDT)
Message-Id: <200109051437.f85EbGD21510@above.proper.com>
Received: (qmail 8796 invoked from network); 5 Sep 2001 14:37:15 -0000
Received: from lioy.polito.it (HELO LIOY) (130.192.1.64) by menelao.polito.it with SMTP; 5 Sep 2001 14:37:15 -0000
Subject: Re: Removing expired certificates from CRLs.....
Date: Wed, 05 Sep 2001 13:48:09 +0200
From: Antonio Lioy <a.lioy@polito.it>
Organization: Politecnico di Torino
To: IETF-PKIX <ietf-pkix@imc.org>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Nada Kapidzic Cicovic wrote:
>
> Ryan,
>
> Some years ago we at Entegrity also had similar discussion. We were
> positive CRLs were not to contain the information about the expired
> certificates, until we came across some industry CA CRLs containing
> information about all revoked certificates. We then looked into 2459
> (draft in those days) and X.509 text and came to the conclusion that
> deleting info about expired certificates from a CRL is only an option.
>
> I am not sure what was the intention of the original authors of X.509
> (perhaps Sharon and Hoyt know more about it), but the current industry
> practice seems to be a mixture of both approaches.
>
> My personal opinion is that keeping all revoked certificates info in
> CRLs brings more problems than benefits. However, it is questionable
> whether PKIX needs to take a vote for one approach or the other.
>
> In any case I would suggest that the text of 2459 be modified so that
> it has a MAY (or a MUST) consistently in all places where deleting
> expired certificates revocation info from CRLs is mentioned. The
> current text only brings confusion, as you have already pointed out.
I vote for MAY (rather than MUST) because it is largely a matter of the
CA: if there are few revoked certificates, there is no benefit in
deleting them from the CRL once they expire, but - on the countrary - if
they are deleted, this can cause problems to applications.
For example, let us suppose that I receive today a document signed two
years ago with a cert currently expired, and I want to check the
revokation status of the related certificates at the signature time.
If I retrieve the current CRL, it might not contain the cert (if it was
revoked) due to the CA policy of deleting from the CRL the expired
certificates.
So, how can I retrieve the first CRL issued after signature time? it
seems to me that there is no provision for such a request in neither
OCSP nor CMP, so many CAs do not delete expired certs from CRLs to avoid
this problem. Therefore, I think that PKIX should permit this kind of
behaviour and not force CA into a mode of operation that can cause
application problems.
Just my 2c.
Antonio Lioy
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85EWV621382 for ietf-pkix-bks; Wed, 5 Sep 2001 07:32:31 -0700 (PDT)
Received: from gto-mailer1.bbn.com (cam-mailer1.bbn.com [128.33.0.36]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85EWUD21378 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 07:32:30 -0700 (PDT)
Received: from [128.33.84.34] (comsec.bbn.com [128.33.84.34]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with ESMTP id KAA22016; Wed, 5 Sep 2001 10:34:48 -0400 (EDT)
Mime-Version: 1.0
X-Sender: kent@po1.bbn.com
Message-Id: <p05010404b7bbdfb8674d@[128.33.84.34]>
In-Reply-To: <3B9532CC.EF74B9E8@sun.com>
References: <p0501040bb7a8214adf35@[128.33.84.34]> <3B8D57EF.70505C80@sun.com> <p0501040ab7b458549900@[128.33.238.96]> <3B94FA2E.6472B276@sun.com> <p05010403b7bab9e15dcc@[128.33.84.34]> <3B9532CC.EF74B9E8@sun.com>
Date: Wed, 5 Sep 2001 10:32:56 -0400
To: Steve Hanna <steve.hanna@sun.com>
From: Stephen Kent <kent@bbn.com>
Subject: Re: charter revisions
Cc: ietf-pkix@imc.org
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
At 4:00 PM -0400 9/4/01, Steve Hanna wrote:
>Stephen Kent wrote:
>> The same name may be used for products or by organizations in
>> different "areas" if there is a belief that no confusion will result.
>> However, a trademark, in its graphic form, is also a copyrighted image
>> and as such is subject to a different set of legal rules that
>> generally prohibit outright duplication. The legal challenges arise
>> when two logos seem too similar to one another, in the eyes of one of
>> the logo holders, and this is when courts step in and adjudicate the
>> dispute. Nonetheless, this discussion does not argue against the
>> ability of a CA to make a judgement about the legitimacy of a
>> subject's claim to the right to use a trademarked logo. Perahps the
>> point you're making above is that logos may not be as uniquely helpful
>> in identifying an organization because of the possibility of similar
>> logos being used by entities in different areas. That's a fair
>> critique, but in a different dimension.
>
>I don't think copyright would help much if two companies had trademarks
>in different countries for a logo that looks like a red circle. But
>IANAL, so I will abandon that line of argument. Maybe the international
>copyright and trademark system is strong enough to ensure that the same
>logo cannot be registered by two different entities in different
>countries, even if one of those entities is a sham operated by criminals
>for the purpose of impersonating the other.
I hate to beat a dead horse, but ... Consider the current problem
for a CA that is asked to issue a cert to Company X, with a DN
selected by that company. There is not a central registry for DNs
where the CA can check to verify that the company in question is
entitled to use the DN it proposes. Certainly this is true if the
U.S. So, since CAs regularly make value judgements about
appropriateness of DNs given imperfect inputs, I don't see the logo
"verification" as something fundamentally different and harder.
(Gee, for someone who has not been a big supporter of this I seem to
spend an awful lot of time defending it ... Stefan, where are you?)
>You do make a good point that two logos different enough to be legally
>distinct may not be distinguishable to the average user. It's also true
>that users may not remember the logo associated with a particular
>company. Visa, yes. But maybe not Schwab.
Yep. And if we adopt a logo extension, I would expect to see this as
part of the security considerations section.
>
>> > Do we know of any CAs that want to include logotypes in certificates
>> > that they issue, plan to verify those logotypes, and would be
>> > willing to
>> > provide some sort of assurances to back that up in their CPS's?
>>
>> Stefan represents one such CA service provider.
>
>Really? I haven't heard Stefan say anything about how AddTrust would
>verify logotypes or what assurances his company would provide in this
>regard. Maybe he told you this in private conversation.
Stefan certainly has indicated that his interest in pursuing this was
motivated by his perception of a market need, based on his experience
as CTO for AddTrust. I inferred that AddTrust would make use of this
facility if it were available.
> > I would prefer to find a way to impose some form of constraint on
>> the appearance of logos analogous to what we do in cross certs for names
>> or policies. because a logo is not structured, the name constraints
>> mechanism can never be used in so precise a fashion, even if we choose
>> to put a logo in some name form. but, it would be nice to have a way
>> to prevent a CA further down a cross-cert chain from introducing a
>> logo if one wants to prevent such action. Just because we don't have a
>> mechanism to do this yet doesn't mean we can't work toward one.
>
>This would mean that all existing cross-certificates would allow
>logotypes in certificates. It might be better to say that certificate
>containing a logotype should not be validated (or, at least, the
>logotype should be ignored) unless all preceding certificates in the
>path have an extension that says logotypes are allowed.
I didn't mean to suggest details of solution at this point; I just
wanted to express what I thought was a good requirement. To be
analogous to what we can do with policy mapping and inhibition of
policy mapping and with name constraints, it might sufficient if a CA
could preclude inclusion of a logo extension in any subsequent cert
in a path.
>
>> > > >Third, an apparently innocuous logotype can change appearance
>> > radically
>> > > >when scaled to a smaller size or mapped to a different number of
>> > colors.
>> > > >This can be exploited to deceive cell phone users into thinking
>> > that
>> > > >they're communicating with their bank, for instance.
>> > >
>> > > I had not considered this issue. we should explore ways that this
>> > > problem might be avoided. presumably anyone displaying a logo on a
>> > > web page has a similar concern, so maybe there are viable means to
>> > > address this issue.
>> >
>> > The problem with displaying a logo on a web page is different
>> > (unless I
>> > didn't understand you). With a logo in a certificate, we want to
>> > make
>> > sure that the person requesting the certificate doesn't trademark a
>> > bogus logo and get it included in their certificate just so they can
>> > trick a user who sees a scaled-down version of the logo into
>> > believing
>> > it's a trusted logo. The closest analogy is getting a web server
>> > certificate for paypa1.com (where the letter ell is actually a
>> > number
>> > one). If you can get the user to click on an https://www.paypa1.com
>> > URL,
>> > the user will think they are viewing a secure paypal website if the
>> > font
>> > they use to view URLs displays ell and one the same way.
>> >
>> > When viewing a logo on a web page, the user should not make
>> > decisions
>> > about whose web page it is based on the logo. Instead, we have been
>> > trying to convince them to look at the host name in the URL and
>> > check
>> > that the padlock or key is lit up to indicate that an SSL connection
>> > is
>>
>> > in use.
>>
>> The reality is that logos on web pages are designed to inspire
>> confidence in users based on visiting the web page, period. Yes,
>> someone can put up a similar logo to try to fool people, or even put
>> up the valid logo without the permission of the logo owner. We rely on
>> the legal system to detect and remedy these problems, ex post facto.
>> That's not as good as preventing them, but many folks argue that it is
>> better than not offering a logo-based marking facility. When it comes
>> to putting logos in certs, we have a better mechanism in many cases,
>> since the binding is secured and there are fewer CAs than there are
>> web sites.
>
>Just seeing a logo on a web page doesn't inspire much confidence in me.
>Yes, the logo owner will probably pursue those who misuse the logo. But
>the Internet is a rough place. The miscreants may skip town with no
>forwarding address and I (the user) will be very sad if I gave them my
>brokerage account password and they emptied the account.
You and I probably are not the folks for whom the logo extension
would be of great value.
>That's why we have HTTPS. The end user notices that the padlock or key
>is lit up and decides that the host name in the URL is OK, so they enter
>their brokerage account password. If we change this so that the user is
>deciding that a *logo* is OK, I want to make sure the binding between
>the logotype and the public key is secure and that the logotype that
>appears in the certificate is properly displayed to the user.
Agreed.
>But this is completely pedantic. The original issue was that a logo can
>change appearance when it's scaled or mapped to different colors. A pink
>circle is different from a green circle for trademark and copyright
>purposes. But how do you distinguish them when they're displayed on a
>black and white screen? I don't think that web page technology has any
>magic bullets in this area. And what about blind users? With URLs, they
>can have their screen-reader read the URL back to them. Graphics will be
>completely inaccessible.
Good points about the limitations of a logo.
Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85EJ2r20142 for ietf-pkix-bks; Wed, 5 Sep 2001 07:19:02 -0700 (PDT)
Received: from patan.sun.com (patan.Sun.COM [192.18.98.43]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85EJ0D20132; Wed, 5 Sep 2001 07:19:00 -0700 (PDT)
Received: from sunlabs.East.Sun.COM ([129.148.75.250]) by patan.sun.com (8.9.3+Sun/8.9.3) with ESMTP id IAA28994; Wed, 5 Sep 2001 08:18:57 -0600 (MDT)
Received: from sun.com (dhcp75-167 [129.148.75.167]) by sunlabs.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id KAA02353; Wed, 5 Sep 2001 10:19:01 -0400 (EDT)
Message-ID: <3B96343F.5BD5C3CF@sun.com>
Date: Wed, 05 Sep 2001 10:18:39 -0400
From: Steve Hanna <steve.hanna@sun.com>
Organization: Sun Microsystems, Inc.
X-Mailer: Mozilla 4.75 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Paul Hoffman / IMC <phoffman@imc.org>
CC: ietf-pkix@imc.org
Subject: Re: charter revisions
References: <p0501040bb7a8214adf35@[128.33.84.34]> <5.0.1.4.2.20010830132055.02c12600@exna07.securitydynamics.com> <3B94FA41.47317BB8@sun.com> <p05100327b7baf1ca610b@[165.227.249.20]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Paul Hoffman / IMC wrote:
> At 11:58 AM -0400 9/4/01, Steve Hanna wrote:
> >Unless the author of the Internet Draft indicates otherwise, I will
> >assume that the primary purpose of putting logotypes in certificates
> >is so that users can view them to make decisions about whether the
> >certificates are trustworthy. In that case, the risks are much greater
> >than those for the use case you described.
>
> Are the risks any greater than what we have in 2459 now with spelling
> errors or things like "FooCA type 1 certificate" vs. "FooCA type 2
> certificate"? I agree with Russ that the benefits are higher, but I'm
> not at all convinced that the risks are higher.
Yes, the risks are greater than those encountered with textual names.
For one thing, name constraints provide an effective way to limit the
portion of the name space that can be reached via a cross certificate.
No corresponding mechanism has been suggested for logotypes nor does it
seem likely that such a mechanism could be developed.
My original email cited several other security risks that are greater
for logotypes than for textual names: CAs may find it harder to verify a
certificate requester's right to use a logotype than their right to use
a textual name and logotypes may change appearance radically on
different devices. Several other risks have been pointed out in the
recent email discussion: users may not be able to distinguish one
logotype from another, users may not recall which logotype corresponds
to which entity, and logotypes are not accessible to vision-impaired
users or usable on text-only terminals.
> >Unless we can develop a fairly secure way to meet the "marketing
> >requirement" for logotypes in certificates, I would say that it is
> >our obligation as an IETF working group to NOT accept this as a
> >work item. Much better to have multiple incompatible ways
> >to do something insecure (probably resulting in little deployment
> >of this feature) than to have the PKIX working group issue an RFC
> >explaining the one true way to do it. We are in the Security area,
> >after all!
>
> The end of that paragraph doesn't follow from the beginning of the
> paragraph. As long as the method we described doesn't have any
> security holes, it doesn't matter if we meet some pre-existing
> marketing "need". Further, some of the multiple, non-interoperable
> protocols are likely to have security problems; that is worse than
> having one protocol that doesn't meet the need of some CAs.
The whole paragraph should be considered predicated by the first clause
("Unless..."). If that clause does not apply (i.e., we can develop a
fairly secure way to place logotypes in certificates), then I don't have
any objection to having this as a PKIX work item. But I have seen no
sign that the objections raised so far can be overcome.
> Mike Myers wrote:
> >I agree with Stephen Farrell and Steve Hanna that logotypes are
> >out of scope.
>
> They are out of scope; the discussion is whether to add them to
> the scope.
Of course, you are right. This is a charter discussion.
RFC 2418 (BCP 25) says that "IETF developed technologies should not add
insecurity to the environment in which they run." The IESG has enforced
this in the past and it seems especially pertinent to a working group in
the Security Area. I doubt that the IESG or the Security ADs will accept
this work item in our charter unless we can argue convincingly that we
can develop something that would not add insecurity to the environment
in which it is run. I don't think we're there yet.
-Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85E2wK19475 for ietf-pkix-bks; Wed, 5 Sep 2001 07:02:58 -0700 (PDT)
Received: from gto-mailer1.bbn.com (cam-mailer1.bbn.com [128.33.0.36]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85E2uD19471 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 07:02:56 -0700 (PDT)
Received: from [128.33.84.34] (comsec.bbn.com [128.33.84.34]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with ESMTP id KAA03272; Wed, 5 Sep 2001 10:04:28 -0400 (EDT)
Mime-Version: 1.0
X-Sender: kent@po1.bbn.com
Message-Id: <p05010403b7bbdf885c0f@[128.33.84.34]>
In-Reply-To: <3B950681.9355D577@bull.net>
References: <p0501040bb7a8214adf35@[128.33.84.34]> <3B950681.9355D577@bull.net>
Date: Wed, 5 Sep 2001 09:57:05 -0400
To: Denis Pinkas <Denis.Pinkas@bull.net>
From: Stephen Kent <kent@bbn.com>
Subject: Re: charter revisions
Cc: ietf-pkix@imc.org
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
At 6:51 PM +0200 9/4/01, Denis Pinkas wrote:
>Steve,
>
>This is a very late answer, but I took some more vacations. :-)
>
>During the London meeting I presented some preliminary work about an
>INFORMATIONAL RFC on PKI Disaster Planning and Recovery and I realized that
>this is not included in the new charter.
>
>I would think that the following time table could be appropriate:
>
> 3/04 PKI Disaster Planning and Recovery. INFORMATIONAL RFC.
>
>Would it still be possible to add it to the list ?
>
>I also found that 3/02 for DPV/DPD Protocols RFCs, may be a little bit
>optimistic. 3/04 would probably be more appropriate.
>
>Regards,
>
>Denis
I think it would be appropriate, as an informational RFC, analogous
to the PKI P&P RFC.
Comments from others?
Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85E2uX19470 for ietf-pkix-bks; Wed, 5 Sep 2001 07:02:56 -0700 (PDT)
Received: from email.nist.gov (email.nist.gov [129.6.2.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85E2tD19466 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 07:02:55 -0700 (PDT)
Received: from krdp2 (krdp2.ncsl.nist.gov [129.6.54.107]) by email.nist.gov (8.9.3/8.9.3) with ESMTP id KAA01734; Wed, 5 Sep 2001 10:02:53 -0400 (EDT)
Message-Id: <4.2.2.20010905094718.00bddb40@email.nist.gov>
X-Sender: cooper@email.nist.gov
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
Date: Wed, 05 Sep 2001 10:02:07 -0400
To: Peter Williams <peterw@valicert.com>, ietf-pkix@imc.org
From: "David A. Cooper" <david.cooper@nist.gov>
Subject: RE: Path validation and self-signed certificates
In-Reply-To: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A303@exchange.valicert .com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Peter,
Perhaps I could have been more clear, but I believe that the two of us agree on this issue.
At 06:21 PM 9/4/01 -0700, Peter Williams wrote:
>I disagree with your recommendation. I am thinking
>as an long-term implementor who has followed
>and interpreted the particular X.509 guidance through
>5 generations of PKI software now, when I say the
>following:
>
>Anyone can send any set of certificates in a proposed path; it
>is for the receipient to sort, and select, which certs represent
>a trust path that meets their local security policy
>requirements. This includes choosing certs based on their
>convergence with locally-recognised trust anchors.
I agree. If the sender of a message includes a bag of certificates with that message, the sender can include any set of certificates that he/she wants. It is the recipient's responsibility to sort through these certificates (and any other certificates from any other source that the recipient chooses) to create a certification path for path validation.
The message that I sent was only dealing with the sequence of certificates in the certification path to be validated. I never intended to address the allowable contents of a certificate bag in a PKCS #7. While it would be nice if the sender of a message only included certificates in the message that have the potential to be useful to the recipient, that is outside the scope of the e-mail that I sent as well as the previous messages in this thread.
>For example, one can send two parallel paths to
>a given recipient in the certs list of a PKCS7
>msg, each of whose trust-anchors may be indicated by a
>self-signed cert.
>
>The one path (of the two sent) to be actually validated depends upon the
>receivers application software, not the PKIX path processing
>algorithm. Upon discovery, elements of the selected path should be
>then passed to the X.509 path processing
>algorithm implementation. In a good implementation
>of the application, the passed path will include only those
>elements of the trust path that meet the path processing rules;
>this should does not include the self-signed cert. If found,
>the self signed cert should be ignored by the security module
>evaluated to ensure conformance to PKIX/509.
The above paragraph is in agreement with my recommendation. A relying party application should either (a) only generate certification paths that do not include self-signed certificates or (b) ignore self-signed certificates that appear in certification paths when performing path validation. In either case, this has nothing to do with the set of certificates that an entity may send to a potential relying party.
>Of course, how the path processing algorithm learns which
>trust anchors are legitimate is something that is
>not-standardized, and should not be indicated to the algorithm
>by information derived from a cert path. If the application
>before passing the cert path to X.509 path processing
>has setup a path-processing security context with the two trust
>anchors recently delivered via self-signed certs,
>then this is acceptable application practice. If we were
>building PEM, perhaps the IPRA public key would be
>pre-installed in every security context...
>
>Lets remember, its not IETF business to standardize the
>non-Internet applications that use PKI; of which there are now
>many. They discover paths and control trust anchors however
>they wish. It is PKIX business to ensure that two path processing
>algorithm given the same inputs would
>produce the same result concerning a valid path. After
>10 years of trying, we are about as far from this
>goal as ever, unfortunately, in Internet praxis.
>
>Peter.
>
>-----Original Message-----
>From: David A. Cooper [mailto:david.cooper@nist.gov]
>Sent: Saturday, August 25, 2001 2:33 PM
>To: ietf-pkix@imc.org
>Subject: RE: Path validation and self-signed certificates
>
>
>
>All,
>
>I believe that PKIX should either discourage or forbid the inclusion of
>self-signed certificates in certification paths for the following reasons:
>
>1) Section 8.1.5 of the 4th edition of X.509 states that
>
> There are three circumstances under which a certification authority
>may
> issue a certificate to itself:
>
> a) as a convenient way of encoding its public key for communication
>to,
> and storage by, its certificate users;
>
> b) ...
>
> For purposes of path validation, self-issued certificates of type
>a) are verified
> with the public key contained in them, and if they are encountered
>in the path,
> they shall be ignored.
>
>So, X.509 states that self-signed certificate are only to be used as a
>convenient way of encoding a public key, and that self-signed certificates,
>if they are encountered in a certification path are to be ignored. Thus, if
>PKIX were to allow the processing of self-signed certificates, it would not
>be compliant with X.509.
>
>2) As Peter Hesse pointed out, many CAs issue self-signed certificates with
>a minimum necessary information (e.g., a version 1 certificate with just a
>name, public key, and validity dates). Any such certificates included in a
>certification path would result in an empty valid_policy_tree. Old-with-new
>and new-with-old self-issued certificates are designed to be used as part of
>certification paths and so should contain all of the necessary extensions
>(e.g., basicConstraints, certificatePolicies), but self-signed certificates
>may be been issued simply as a means of distributing the public key to
>relying parties that will use that key as a trust anchor. If these
>certificates are included in, and are processed as parts of, certification
>paths, the results may be rejecting end certificates that should be have
>been accepted.
>
>3) If a CA suspects that its key has been compromised (or it otherwise
>determines that none of the certificates it has issued should be considered
>valid), it should request that every certificate issued to it be revoked (as
>is stated in the Security Considerations section). If possible, it should
>also revoke all of the certificates it has issued (not just its self-signed
>certificate). If a CA can revoke its own self-signed certificate then it can
>revoke all of the certificates it has issued. Doing so will ensure that all
>relying parties know about the revocation, not just those relying parties
>that check to see whether the signed-signed certificate has been revoked.
>
>4) If an organization uses client software that processes self-signed
>certificates, there is risk that that organization will issue certificates
>from its own CA assuming that relying parties process self-signed
>certificates. This organization's CA may then issue self-signed certificates
>with constraints (e.g., name constraints, path length constraints, etc.)
>that they expect relying parties to see, but the CA, assuming that relying
>parties will process its self-signed certificates, may not include the
>constraints in any of its other certificates.
>
>So, if there is no set rule, there is the risk that relying parties that do
>process self-signed certificates will lose some interoperability and those
>that do not will overlook intended path processing constraints.
>
>Hiroyuki Sakakibara presented an example in which processing self-signed
>certificates helped to prevent a security breach. In his example, A issues
>a cross-certificate to B and B's private key is compromised. Hiroyuki
>pointed out that by processing B's self-signed certificate (to see if it has
>expired or has been revoked) one may have a chance to detect the compromise
>even if A does not cooperate by revoking the certificate that it issued to
>B. However, as he pointed out, this is not foolproof. The entity that
>compromised B's key could issue a new self-signed certificate with a later
>notAfter date along with CRLs that make it appear as if B's certificates are
>still good. If on the other hand, B were able to get its own CRLs to relying
>parties, it could just revoke all of its certificates instead of just its
>self-signed certificate, thus ensuring that any relying party that receives
>its CRLs will know that its certificates can not be trusted, whether they
>process B's self-s!
>igned certificates or not.
>
>In general though, if a certification path of the form ... --> A --> B -->
>... is being processed, I don't think there is much that B can do to protect
>relying parties from A's improper behavior. If A issues certificates to B
>with notAfter dates that are later than they should be or if A refuses to
>revoke B's certificate when requested to do so, there is little that B can
>do to protect A's relying parties (or the relying parties of any CA that
>preceded A in the path) from A, particularly in the case when B's private
>key has been compromised. I don't think that it is worth diverging from
>X.509 and introducing interoperability problems into PKIX in an attempt to
>try.
>
>Dave
>
>At 04:37 PM 8/24/01 -0700, Ryan Hurst wrote:
> >Peter -
> >
> >I agree with your comments on self-signed certificates in chains with only
>one exception, specifically in regards to revocation. There are several
>cases where the revocation of a self-signed CA would make sense, what about
>cessationOfOperation, superseded and affiliationChanged? These reasons do
>not imply any sort of compromise of key material. We make many "known
>assumptions" in PKI and the catch 22 of key material management and trust is
>one of them, without these "known assumptions" many of the things in son-off
>fall apart.
> >
> >Ryan
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85E2PS19452 for ietf-pkix-bks; Wed, 5 Sep 2001 07:02:25 -0700 (PDT)
Received: from gto-mailer1.bbn.com (cam-mailer1.bbn.com [128.33.0.36]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85E2OD19444 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 07:02:24 -0700 (PDT)
Received: from [128.33.84.34] (comsec.bbn.com [128.33.84.34]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with ESMTP id KAA03263; Wed, 5 Sep 2001 10:04:26 -0400 (EDT)
Mime-Version: 1.0
X-Sender: kent@po1.bbn.com
Message-Id: <p05010402b7bbdf2243fc@[128.33.84.34]>
In-Reply-To: <3B9531B8.8A723AD5@zolera.com>
References: <EOEGJNFMMIBDKGFONJJDAEIMCEAA.myers@coastside.net> <3B9531B8.8A723AD5@zolera.com>
Date: Wed, 5 Sep 2001 09:56:11 -0400
To: Rich Salz <rsalz@zolera.com>
From: Stephen Kent <kent@bbn.com>
Subject: Re: charter revisions
Cc: Michael Myers <myers@coastside.net>, ietf-pkix@imc.org
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
At 3:55 PM -0400 9/4/01, Rich Salz wrote:
>Is the CA processing for adding a logo extension any different from
>adding any other extension? I don't see how/why.
>
>Can't this work item be accomplished just by an RFC that assigns OID's
>to some popular image formats?
>
> /r$
>
>--
>Zolera Systems, Your Key to Online Integrity
>Securing Web services: XML, SOAP, Dig-sig, Encryption
>http://www.zolera.com
Although we have yet to decide how (or maybe even whether) to address
this problem, it seems likely that more is needed than just an OID
for an image, e.g., because we may not want to carry the image in the
cert, but rather have a pointer to the image.
Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85Dtuf18615 for ietf-pkix-bks; Wed, 5 Sep 2001 06:55:56 -0700 (PDT)
Received: from exchsvr1.entegrity.com (exchsvr1.entegrity.com [207.215.19.3]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85DttD18611 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 06:55:55 -0700 (PDT)
Received: from cooper.entegrity.com (dave.entegrity.se [195.100.88.62]) by exchsvr1.entegrity.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id PGA42AG2; Wed, 5 Sep 2001 07:00:44 -0700
Message-Id: <5.1.0.14.0.20010905154128.028d6980@exchsvr1.entegrity.com>
X-Sender: nada@exchsvr1.entegrity.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 05 Sep 2001 15:53:30 +0200
To: Denis Pinkas <Denis.Pinkas@bull.net>
From: Nada Kapidzic Cicovic <nada@entegrity.com>
Subject: Re: Removing expired certificates from CRLs.....
Cc: Ryan Hurst <ryanh@valicert.com>, IETF-PKIX <ietf-pkix@imc.org>
In-Reply-To: <3B962702.FE312F@bull.net>
References: <5.1.0.14.0.20010905095301.0292a7c0@exchsvr1.entegrity.com> <5.1.0.14.0.20010905144446.028ef020@exchsvr1.entegrity.com>
Mime-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
<html>
At 03:22 PM 9/5/01 +0200, Denis Pinkas wrote:<br>
<blockquote type=cite class=cite cite>Nada,<br><br>
Which text are using using ? In son-of-RC2459 there is no section
8.6.2.2.<br>
as you indicate.</blockquote><br>
Denis,<br><br>
I was making comments on the text which Ryan extracted in his mail,
assuming that they were from the son-of-RFC2459.<br><br>
In particular the last sentence in this paragraph:<br><br>
The <font size=2><b>distributionPoint </b></font>component contains the
name of the distribution point in one or more name forms. If this field
is absent, the CRL shall contain entries for all revoked certificates
issued by the CRL issuer. <b><i>After a certificate appears on a CRL, it
is deleted from a subsequent CRL after the certificate's
expiry.<br><br>
</i></b>However, after getting your comment I realized that this sentence
and the referred section 8.6.2.2 comes from the X.509 (the latest version
that I have on my disk is X_509_4thEditionDraftV6, and it contains the
above text). <br><br>
The current text of the son-of-RFC2459 does not seem to contain it or any
other misleading sentences regarding this issue. <br><br>
Sorry for the confusion.<br><br>
Nada<br><br>
<br><br>
<blockquote type=cite class=cite cite>Please be more specific on the
exact sentence that you think is not<br>
appropriate in son-of-RC2459 and which exact change you would like to
be<br>
done.<br><br>
Denis<br><br>
<br>
> >Nada and Ryan,<br>
> ><br>
> > > Ryan,<br>
> > ><br>
> > > Some years ago we at Entegrity also had similar
discussion. We were<br>
> > > positive CRLs were not to contain the information about
the expired<br>
> > > certificates, until we came across some industry CA CRLs
containing<br>
> > > information about all revoked certificates. We then looked
into 2459<br>
> > > (draft in those days) and X.509 text and came to the
conclusion that<br>
> > > deleting info about expired certificates from a CRL is
only an option.<br>
> > ><br>
> > > I am not sure what was the intention of the original
authors of X.509<br>
> > > (perhaps Sharon and Hoyt know more about it), but the
current industry<br>
> > > practice seems to be a mixture of both approaches.<br>
> ><br>
> >At the very beginning, when ISO started the work,
non-repudiation was not<br>
> >considered, but only authentication and data origin
authentication.<br>
> ><br>
> > > My personal opinion is that keeping all revoked
certificates info in CRLs<br>
> > > brings more problems than benefits. However, it is
questionable whether<br>
> > > PKIX needs to take a vote for one approach or the
other.<br>
> > ><br>
> > > In any case I would suggest that the text of 2459 be
modified so that it<br>
> > > has a MAY (or a MUST) consistently in all places where
deleting expired<br>
> > > certificates revocation info from CRLs is mentioned. The
current text only<br>
> > > brings confusion, as you have already pointed out.<br>
> ><br>
> >In all the sentences that have been extracted below, I could not
find a<br>
> >place where a change would be necessary. So I believe that the
current text<br>
> >is OK : it tells how long revoked certificates MUST be kept in a
CRL but<br>
> >does not forbid to maintain them longer. I agree that
maintaining them too<br>
> <br>
> The text in 8.6.2.2 does not mention the possibility of leaving the
expired<br>
> certificates identifiers in CRL. The last extracted sentence is
very<br>
> explicit in requiring removal of revocation info for expired
certificates.<br>
> <br>
> >long would be a problem because of the increasing size of the
CRL, hence why<br>
> >CRL information should be captured when still available, in case
a<br>
> >non-repudiation service is supported.<br>
> <br>
> I could not agree more. Perhaps DPV/DPD work could include such
guidelines.<br>
> <br>
> >We could add is a recommendation like: "Certificates
identifiers<br>
> >for certificates that contain the NR bit in the KeyUsage
extension field<br>
> >SHOULD be maintained in a CRL a few days or weeks after they
have expired."<br>
> ><br>
> >However, it seems rather late to add such a sentence, since we
passed IETF<br>
> >last call. I leave the issue to the editors ...<br>
> <br>
> You are right. Since the document has already progressed this far,
it may<br>
> not be worth making additional modifications.<br>
> <br>
> Nada<br>
> <br>
> >Denis<br>
> ><br>
> ><br>
> > > Nada<br>
> > ><br>
> > > At 08:49 PM 9/4/01 -0700, Ryan Hurst wrote:<br>
> > ><br>
> > > > I was speaking with Peter Williams today about the
removal of expired<br>
> > > > certificates from CRLs; I have always been under the
belief that this<br>
> > > > behavior was optional, I vaguely remembered reading
text in 2459 along<br>
> > > > those lines; additionally I know of several
commercial CAs that do not<br>
> > > > remove the expired certificates from their CRLs.
Peter on the other hand<br>
> > > > was under the impression that it was a mandate to
remove CRLs; he too<br>
> > > > remembered reading text in 2459 to support is
position.<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > So we each pulled out the RFC and found that we were
both right!<br>
> > > > Specifically both sections 3.3 and 8.6.2.2 have text
on this subject:<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > 3.3 Revocation<br>
> > > ><br>
> > > > When a certificate is issued, it is expected to be in
use for its entire<br>
> > > > validity period. However, various circumstances
may cause a certificate<br>
> > > > to become invalid prior to the expiration of the
validity period.<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > ....<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > An entry is added to the CRL as part of the next
update following<br>
> > > > notification of revocation. An entry may be removed
from the CRL after<br>
> > > > appearing on one regularly scheduled CRL issued
beyond the revoked<br>
> > > > certificate's validity period.<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > 8.6.2.2 Issuing distribution point extension<br>
> > > ><br>
> > > > This CRL extension field identifies the CRL
distribution point for this<br>
> > > > particular CRL, and indicates if the CRL is limited
to revocations for<br>
> > > > end-entity certificates only, for authority
certificates only, or for a<br>
> > > > limited set of reasons only. The CRL is signed by the
CRL issuer's key-<br>
> > > > CRL distribution points do not have their own key
pairs. However, for a<br>
> > > > CRL distributed via the Directory, the CRL is stored
in the entry of the<br>
> > > > CRL distribution point, which may not be the
directory entry of the CRL<br>
> > > > issuer. If this field is absent, the CRL shall
contain entries for all<br>
> > > > revoked unexpired certificates issued by the CRL
issuer.<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > ....<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > The distributionPoint component contains the name of
the distribution<br>
> > > > point in one or more name forms. If this field is
absent, the CRL shall<br>
> > > > contain entries for all revoked certificates issued
by the CRL issuer.<br>
> > > > After a certificate appears on a CRL, it is deleted
from a subsequent<br>
> > > > CRL after the certificate's expiry.<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > Although section 8.6.2.2 is specifically in regards
to CRLdps, any<br>
> > > > difference between full CRLs and CRLdps in this case
I feel would be an<br>
> > > > arbitrary one.<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > Now logically it makes sense to remove certificates
that are expired<br>
> > > > from CRLs to control size, yes this has a negative
point specifically it<br>
> > > > prevents CRLs from being used as a non-repudiation
source; but this is<br>
> > > > mute due to many other issues.<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > That being the case I think; and I believe Peter
would agree the correct<br>
> > > > thing to do is to remove these expired/revoked
entries from the CRL.<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > The question now is what is the PKIX stance on this
matter?<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > Ryan M. Hurst<br>
> > > ><br>
> > > > ValiCert, Inc.<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > "It may roundly be
asserted that human ingenuity cannot concoct a<br>
> > > > cipher which human
ingenuity cannot resolve."<br>
> > > > -Edgar Allan Poe<br>
> > > ><br>
> > > > </blockquote></html>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85DMip17749 for ietf-pkix-bks; Wed, 5 Sep 2001 06:22:44 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85DMgD17745 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 06:22:43 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA46864; Wed, 5 Sep 2001 15:24:41 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id PAA05890; Wed, 5 Sep 2001 15:22:08 +0200
Message-ID: <3B962702.FE312F@bull.net>
Date: Wed, 05 Sep 2001 15:22:10 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: Nada Kapidzic Cicovic <nada@entegrity.com>
CC: Ryan Hurst <ryanh@valicert.com>, IETF-PKIX <ietf-pkix@imc.org>
Subject: Re: Removing expired certificates from CRLs.....
References: <5.1.0.14.0.20010905095301.0292a7c0@exchsvr1.entegrity.com> <5.1.0.14.0.20010905144446.028ef020@exchsvr1.entegrity.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Nada,
Which text are using using ? In son-of-RC2459 there is no section 8.6.2.2.
as you indicate.
Please be more specific on the exact sentence that you think is not
appropriate in son-of-RC2459 and which exact change you would like to be
done.
Denis
> >Nada and Ryan,
> >
> > > Ryan,
> > >
> > > Some years ago we at Entegrity also had similar discussion. We were
> > > positive CRLs were not to contain the information about the expired
> > > certificates, until we came across some industry CA CRLs containing
> > > information about all revoked certificates. We then looked into 2459
> > > (draft in those days) and X.509 text and came to the conclusion that
> > > deleting info about expired certificates from a CRL is only an option.
> > >
> > > I am not sure what was the intention of the original authors of X.509
> > > (perhaps Sharon and Hoyt know more about it), but the current industry
> > > practice seems to be a mixture of both approaches.
> >
> >At the very beginning, when ISO started the work, non-repudiation was not
> >considered, but only authentication and data origin authentication.
> >
> > > My personal opinion is that keeping all revoked certificates info in CRLs
> > > brings more problems than benefits. However, it is questionable whether
> > > PKIX needs to take a vote for one approach or the other.
> > >
> > > In any case I would suggest that the text of 2459 be modified so that it
> > > has a MAY (or a MUST) consistently in all places where deleting expired
> > > certificates revocation info from CRLs is mentioned. The current text only
> > > brings confusion, as you have already pointed out.
> >
> >In all the sentences that have been extracted below, I could not find a
> >place where a change would be necessary. So I believe that the current text
> >is OK : it tells how long revoked certificates MUST be kept in a CRL but
> >does not forbid to maintain them longer. I agree that maintaining them too
>
> The text in 8.6.2.2 does not mention the possibility of leaving the expired
> certificates identifiers in CRL. The last extracted sentence is very
> explicit in requiring removal of revocation info for expired certificates.
>
> >long would be a problem because of the increasing size of the CRL, hence why
> >CRL information should be captured when still available, in case a
> >non-repudiation service is supported.
>
> I could not agree more. Perhaps DPV/DPD work could include such guidelines.
>
> >We could add is a recommendation like: "Certificates identifiers
> >for certificates that contain the NR bit in the KeyUsage extension field
> >SHOULD be maintained in a CRL a few days or weeks after they have expired."
> >
> >However, it seems rather late to add such a sentence, since we passed IETF
> >last call. I leave the issue to the editors ...
>
> You are right. Since the document has already progressed this far, it may
> not be worth making additional modifications.
>
> Nada
>
> >Denis
> >
> >
> > > Nada
> > >
> > > At 08:49 PM 9/4/01 -0700, Ryan Hurst wrote:
> > >
> > > > I was speaking with Peter Williams today about the removal of expired
> > > > certificates from CRLs; I have always been under the belief that this
> > > > behavior was optional, I vaguely remembered reading text in 2459 along
> > > > those lines; additionally I know of several commercial CAs that do not
> > > > remove the expired certificates from their CRLs. Peter on the other hand
> > > > was under the impression that it was a mandate to remove CRLs; he too
> > > > remembered reading text in 2459 to support is position.
> > > >
> > > >
> > > >
> > > > So we each pulled out the RFC and found that we were both right!
> > > > Specifically both sections 3.3 and 8.6.2.2 have text on this subject:
> > > >
> > > >
> > > >
> > > > 3.3 Revocation
> > > >
> > > > When a certificate is issued, it is expected to be in use for its entire
> > > > validity period. However, various circumstances may cause a certificate
> > > > to become invalid prior to the expiration of the validity period.
> > > >
> > > >
> > > >
> > > > ....
> > > >
> > > >
> > > >
> > > > An entry is added to the CRL as part of the next update following
> > > > notification of revocation. An entry may be removed from the CRL after
> > > > appearing on one regularly scheduled CRL issued beyond the revoked
> > > > certificate's validity period.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > 8.6.2.2 Issuing distribution point extension
> > > >
> > > > This CRL extension field identifies the CRL distribution point for this
> > > > particular CRL, and indicates if the CRL is limited to revocations for
> > > > end-entity certificates only, for authority certificates only, or for a
> > > > limited set of reasons only. The CRL is signed by the CRL issuer's key-
> > > > CRL distribution points do not have their own key pairs. However, for a
> > > > CRL distributed via the Directory, the CRL is stored in the entry of the
> > > > CRL distribution point, which may not be the directory entry of the CRL
> > > > issuer. If this field is absent, the CRL shall contain entries for all
> > > > revoked unexpired certificates issued by the CRL issuer.
> > > >
> > > >
> > > >
> > > > ....
> > > >
> > > >
> > > >
> > > > The distributionPoint component contains the name of the distribution
> > > > point in one or more name forms. If this field is absent, the CRL shall
> > > > contain entries for all revoked certificates issued by the CRL issuer.
> > > > After a certificate appears on a CRL, it is deleted from a subsequent
> > > > CRL after the certificate's expiry.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Although section 8.6.2.2 is specifically in regards to CRLdps, any
> > > > difference between full CRLs and CRLdps in this case I feel would be an
> > > > arbitrary one.
> > > >
> > > >
> > > >
> > > > Now logically it makes sense to remove certificates that are expired
> > > > from CRLs to control size, yes this has a negative point specifically it
> > > > prevents CRLs from being used as a non-repudiation source; but this is
> > > > mute due to many other issues.
> > > >
> > > >
> > > >
> > > > That being the case I think; and I believe Peter would agree the correct
> > > > thing to do is to remove these expired/revoked entries from the CRL.
> > > >
> > > >
> > > >
> > > > The question now is what is the PKIX stance on this matter?
> > > >
> > > >
> > > >
> > > > Ryan M. Hurst
> > > >
> > > > ValiCert, Inc.
> > > >
> > > >
> > > >
> > > > "It may roundly be asserted that human ingenuity cannot concoct a
> > > > cipher which human ingenuity cannot resolve."
> > > > -Edgar Allan Poe
> > > >
> > > >
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85DDri16986 for ietf-pkix-bks; Wed, 5 Sep 2001 06:13:53 -0700 (PDT)
Received: from web13703.mail.yahoo.com (web13703.mail.yahoo.com [216.136.175.136]) by above.proper.com (8.11.6/8.11.3) with SMTP id f85DDqD16982 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 06:13:52 -0700 (PDT)
Message-ID: <20010905131353.70821.qmail@web13703.mail.yahoo.com>
Received: from [61.139.82.190] by web13703.mail.yahoo.com via HTTP; Wed, 05 Sep 2001 21:13:53 CST
Date: Wed, 5 Sep 2001 21:13:53 +0800 (CST)
From: =?gb2312?q?li=20yunfeng?= <forward_li@yahoo.com.cn>
Subject: Re: Removing expired certificates from CRLs.....
To: Ryan Hurst <ryanh@valicert.com>
Cc: ietf-pkix@imc.org
In-Reply-To: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE219@exchange.valicert.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=gb2312
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Ryan:
I now are developing PKIX software, and encouted the
same question as yours, Because befor one can check
the CRL, one may first check the certificate's
validate period. So I think remove the expired
certificate from the CRL will be benefit to keep the
CRL small at least
forward li
--- Ryan Hurst <ryanh@valicert.com> µÄÕýÎÄ£º> I was
speaking with Peter Williams today about the
> removal of expired
> certificates from CRLs; I have always been under the
> belief that this
> behavior was optional, I vaguely remembered reading
> text in 2459 along those
> lines; additionally I know of several commercial CAs
> that do not remove the
> expired certificates from their CRLs. Peter on the
> other hand was under the
> impression that it was a mandate to remove CRLs; he
> too remembered reading
> text in 2459 to support is position.
>
> So we each pulled out the RFC and found that we were
> both right!
> Specifically both sections 3.3 and 8.6.2.2 have text
> on this subject:
>
> 3.3 Revocation
> When a certificate is issued, it is expected to be
> in use for its entire
> validity period. However, various circumstances may
> cause a certificate to
> become invalid prior to the expiration of the
> validity period.
>
> ....
>
> An entry is added to the CRL as part of the next
> update following
> notification of revocation. An entry may be removed
> from the CRL after
> appearing on one regularly scheduled CRL issued
> beyond the revoked
> certificate's validity period.
>
>
>
> 8.6.2.2 Issuing distribution point extension
> This CRL extension field identifies the CRL
> distribution point for this
> particular CRL, and indicates if the CRL is limited
> to revocations for
> end-entity certificates only, for authority
> certificates only, or for a
> limited set of reasons only. The CRL is signed by
> the CRL issuer's key- CRL
> distribution points do not have their own key pairs.
> However, for a CRL
> distributed via the Directory, the CRL is stored in
> the entry of the CRL
> distribution point, which may not be the directory
> entry of the CRL issuer.
> If this field is absent, the CRL shall contain
> entries for all revoked
> unexpired certificates issued by the CRL issuer.
>
> ....
>
> The distributionPoint component contains the name of
> the distribution point
> in one or more name forms. If this field is absent,
> the CRL shall contain
> entries for all revoked certificates issued by the
> CRL issuer. After a
> certificate appears on a CRL, it is deleted from a
> subsequent CRL after the
> certificate's expiry.
>
>
> Although section 8.6.2.2 is specifically in regards
> to CRLdps, any
> difference between full CRLs and CRLdps in this case
> I feel would be an
> arbitrary one.
>
> Now logically it makes sense to remove certificates
> that are expired from
> CRLs to control size, yes this has a negative point
> specifically it prevents
> CRLs from being used as a non-repudiation source;
> but this is mute due to
> many other issues.
>
> That being the case I think; and I believe Peter
> would agree the correct
> thing to do is to remove these expired/revoked
> entries from the CRL.
>
> The question now is what is the PKIX stance on this
> matter?
>
> Ryan M. Hurst
> ValiCert, Inc.
>
> "It may roundly be asserted that human ingenuity
> cannot concoct a cipher
> which human ingenuity cannot resolve."
> -Edgar Allan Poe
>
>
_________________________________________________________
Do You Yahoo!? µÇ¼Ãâ·ÑÑÅ»¢µçÓÊ! http://mail.yahoo.com.cn
<font color=#6666FF>ÎÞÁÄ£¿ÓôÃÆ£¿¸ßÐË£¿Ã»ÀíÓÉ£¿¶¼À´ÁÄÌì°É£¡</font>¡ª¡ª
ÑÅ»¢È«ÐÂÁÄÌìÊÒ! http://cn.chat.yahoo.com/c/roomlist.html
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85DCKK16940 for ietf-pkix-bks; Wed, 5 Sep 2001 06:12:20 -0700 (PDT)
Received: from web13707.mail.yahoo.com (web13707.mail.yahoo.com [216.136.175.140]) by above.proper.com (8.11.6/8.11.3) with SMTP id f85DCID16934 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 06:12:18 -0700 (PDT)
Message-ID: <20010905131219.12734.qmail@web13707.mail.yahoo.com>
Received: from [61.139.82.190] by web13707.mail.yahoo.com via HTTP; Wed, 05 Sep 2001 21:12:19 CST
Date: Wed, 5 Sep 2001 21:12:19 +0800 (CST)
From: =?gb2312?q?li=20yunfeng?= <forward_li@yahoo.com.cn>
Subject: Re: Removing expired certificates from CRLs.....
To: Nada Kapidzic Cicovic <nada@entegrity.com>
Cc: ietf-pkix@imc.org
In-Reply-To: <5.1.0.14.0.20010905095301.0292a7c0@exchsvr1.entegrity.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=gb2312
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Ryan:
I now are developing PKIX software, and encouted the
same question as yours, Because befor one can check
the CRL, one may first check the certificate's
validate period. So I think remove the expired
certificate from the CRL will be benefit to keep the
CRL small.
forward li
--- Nada Kapidzic Cicovic <nada@entegrity.com>
µÄÕýÎÄ£º
<HR>
<html>
Ryan,<br><br>
Some years ago we at Entegrity also had similar
discussion. We were
positive CRLs were not to contain the information
about the expired
certificates, until we came across some industry CA
CRLs containing
information about all revoked certificates. We then
looked into 2459
(draft in those days) and X.509 text and came to the
conclusion that
deleting info about expired certificates from a CRL is
only an
option.<br><br>
I am not sure what was the intention of the original
authors of X.509
(perhaps Sharon and Hoyt know more about it), but the
current industry
practice seems to be a mixture of both
approaches.<br><br>
My personal opinion is that keeping all revoked
certificates info in CRLs
brings more problems than benefits. However, it is
questionable whether
PKIX needs to take a vote for one approach or the
other. <br><br>
In any case I would suggest that the text of 2459 be
modified so that it
has a MAY (or a MUST) c<font face="Arial,
Helvetica">onsistently</font>
in all places where deleting expired certificates
revocation info from
CRLs is mentioned. The current text only brings
confusion, as you have
already pointed out.<br><br>
Nada<br><br>
At 08:49 PM 9/4/01 -0700, Ryan Hurst wrote:<br><br>
<blockquote type=cite class=cite cite><font
face="arial" size=2>I was
speaking with Peter Williams today about the removal
of expired
certificates from CRLs; I have always been under the
belief that this
behavior was optional, I vaguely remembered reading
text in 2459 along
those lines; additionally I know of several commercial
CAs that do not
remove the expired certificates from their CRLs. Peter
on the other hand
was under the impression that it was a mandate to
remove CRLs; he too
remembered reading text in 2459 to support is
position.<br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2>So we each pulled out the
RFC and found that we
were both right! Specifically both sections 3.3 and
8.6.2.2 have text on
this subject:<br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2><b>3.3 Revocation<br>
</b></font><br>
<font face="arial" size=2>When a certificate is
issued, it is expected to
be in use for its entire validity period.
However, various
circumstances may cause a certificate to become
invalid prior to the
expiration of the validity period.<br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2>....<br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2>An entry is added to the CRL
as part of the
next update following notification of revocation.
<b><i>An entry may be
removed from the CRL after appearing on one regularly
scheduled CRL
issued beyond the revoked certificate's validity
period.<br>
</i></b></font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2><b>8.6.2.2 Issuing
distribution point
extension<br>
</b></font><br>
<font face="arial" size=2>This CRL extension field
identifies the CRL
distribution point for this particular CRL, and
indicates if the CRL is
limited to revocations for end-entity certificates
only, for authority
certificates only, or for a limited set of reasons
only. The CRL is
signed by the CRL issuer's key- CRL distribution
points do not have their
own key pairs. However, for a CRL distributed via the
Directory, the CRL
is stored in the entry of the CRL distribution point,
which may not be
the directory entry of the CRL issuer.<i> <b>If this
field is absent, the
CRL shall contain entries for all revoked unexpired
certificates issued
by the CRL issuer.<br>
</i></b></font><br>
<font face="arial" size=2><i> <br>
</i></font><br>
<font face="arial" size=2>....<br>
</font><br>
<font face="arial" size=2 color="#0000FF"> <br>
</font><br>
<font face="arial" size=2>The
</font><font face="arial" size=1><b>distributionPoint
</b></font><font face="arial" size=2>component
contains the name of the
distribution point in one or more name forms. If this
field is absent,
the CRL shall contain entries for all revoked
certificates issued by the
CRL issuer. <b><i>After a certificate appears on a
CRL, it is deleted
from a subsequent CRL after the certificate's
expiry.<br>
</i></b></font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2>Although section 8.6.2.2 is
specifically in
regards to CRLdps, any difference between full CRLs
and CRLdps in this
case I feel would be an arbitrary one. <br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2>Now logically it makes sense
to remove
certificates that are expired from CRLs to control
size, yes this has a
negative point specifically it prevents CRLs from
being used as a
non-repudiation source; but this is mute due to many
other issues.<br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2>That being the case I think;
and I believe
Peter would agree the correct thing to do is to remove
these
expired/revoked entries from the CRL. <br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2>The question now is what is
the PKIX stance on
this matter?<br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2>Ryan M. Hurst<br>
</font><br>
<font face="arial" size=2>ValiCert, Inc.<br>
</font><br>
<font face="arial" size=2> </font>
<dl><font face="Times New Roman, Times">
<dd>"It may roundly be asserted that human
ingenuity cannot concoct
a cipher which human ingenuity cannot
resolve."</i></font><font face="Times New Roman,
Times">
<dd>-Edgar Allan Poe</font>
</dl><font face="Times New Roman,
Times"> </font></blockquote></html>
_________________________________________________________
Do You Yahoo!? µÇ¼Ãâ·ÑÑÅ»¢µçÓÊ! http://mail.yahoo.com.cn
<font color=#6666FF>ÎÞÁÄ£¿ÓôÃÆ£¿¸ßÐË£¿Ã»ÀíÓÉ£¿¶¼À´ÁÄÌì°É£¡</font>¡ª¡ª
ÑÅ»¢È«ÐÂÁÄÌìÊÒ! http://cn.chat.yahoo.com/c/roomlist.html
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85Ct0P15631 for ietf-pkix-bks; Wed, 5 Sep 2001 05:55:00 -0700 (PDT)
Received: from exchsvr1.entegrity.com (exchsvr1.entegrity.com [207.215.19.3]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85CswD15627 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 05:54:58 -0700 (PDT)
Received: from cooper.entegrity.com (dave.entegrity.se [195.100.88.62]) by exchsvr1.entegrity.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id PGA42AB1; Wed, 5 Sep 2001 05:59:49 -0700
Message-Id: <5.1.0.14.0.20010905144446.028ef020@exchsvr1.entegrity.com>
X-Sender: nada@exchsvr1.entegrity.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 05 Sep 2001 14:52:40 +0200
To: Denis Pinkas <Denis.Pinkas@bull.net>
From: Nada Kapidzic Cicovic <nada@entegrity.com>
Subject: Re: Removing expired certificates from CRLs.....
Cc: Ryan Hurst <ryanh@valicert.com>, IETF-PKIX <ietf-pkix@imc.org>
In-Reply-To: <3B96169B.E1A037B0@bull.net>
References: <5.1.0.14.0.20010905095301.0292a7c0@exchsvr1.entegrity.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
At 02:12 PM 9/5/01 +0200, Denis Pinkas wrote:
>Nada and Ryan,
>
> > Ryan,
> >
> > Some years ago we at Entegrity also had similar discussion. We were
> > positive CRLs were not to contain the information about the expired
> > certificates, until we came across some industry CA CRLs containing
> > information about all revoked certificates. We then looked into 2459
> > (draft in those days) and X.509 text and came to the conclusion that
> > deleting info about expired certificates from a CRL is only an option.
> >
> > I am not sure what was the intention of the original authors of X.509
> > (perhaps Sharon and Hoyt know more about it), but the current industry
> > practice seems to be a mixture of both approaches.
>
>At the very beginning, when ISO started the work, non-repudiation was not
>considered, but only authentication and data origin authentication.
>
> > My personal opinion is that keeping all revoked certificates info in CRLs
> > brings more problems than benefits. However, it is questionable whether
> > PKIX needs to take a vote for one approach or the other.
> >
> > In any case I would suggest that the text of 2459 be modified so that it
> > has a MAY (or a MUST) consistently in all places where deleting expired
> > certificates revocation info from CRLs is mentioned. The current text only
> > brings confusion, as you have already pointed out.
>
>In all the sentences that have been extracted below, I could not find a
>place where a change would be necessary. So I believe that the current text
>is OK : it tells how long revoked certificates MUST be kept in a CRL but
>does not forbid to maintain them longer. I agree that maintaining them too
The text in 8.6.2.2 does not mention the possibility of leaving the expired
certificates identifiers in CRL. The last extracted sentence is very
explicit in requiring removal of revocation info for expired certificates.
>long would be a problem because of the increasing size of the CRL, hence why
>CRL information should be captured when still available, in case a
>non-repudiation service is supported.
I could not agree more. Perhaps DPV/DPD work could include such guidelines.
>We could add is a recommendation like: "Certificates identifiers
>for certificates that contain the NR bit in the KeyUsage extension field
>SHOULD be maintained in a CRL a few days or weeks after they have expired."
>
>However, it seems rather late to add such a sentence, since we passed IETF
>last call. I leave the issue to the editors ...
You are right. Since the document has already progressed this far, it may
not be worth making additional modifications.
Nada
>Denis
>
>
> > Nada
> >
> > At 08:49 PM 9/4/01 -0700, Ryan Hurst wrote:
> >
> > > I was speaking with Peter Williams today about the removal of expired
> > > certificates from CRLs; I have always been under the belief that this
> > > behavior was optional, I vaguely remembered reading text in 2459 along
> > > those lines; additionally I know of several commercial CAs that do not
> > > remove the expired certificates from their CRLs. Peter on the other hand
> > > was under the impression that it was a mandate to remove CRLs; he too
> > > remembered reading text in 2459 to support is position.
> > >
> > >
> > >
> > > So we each pulled out the RFC and found that we were both right!
> > > Specifically both sections 3.3 and 8.6.2.2 have text on this subject:
> > >
> > >
> > >
> > > 3.3 Revocation
> > >
> > > When a certificate is issued, it is expected to be in use for its entire
> > > validity period. However, various circumstances may cause a certificate
> > > to become invalid prior to the expiration of the validity period.
> > >
> > >
> > >
> > > ....
> > >
> > >
> > >
> > > An entry is added to the CRL as part of the next update following
> > > notification of revocation. An entry may be removed from the CRL after
> > > appearing on one regularly scheduled CRL issued beyond the revoked
> > > certificate's validity period.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > 8.6.2.2 Issuing distribution point extension
> > >
> > > This CRL extension field identifies the CRL distribution point for this
> > > particular CRL, and indicates if the CRL is limited to revocations for
> > > end-entity certificates only, for authority certificates only, or for a
> > > limited set of reasons only. The CRL is signed by the CRL issuer's key-
> > > CRL distribution points do not have their own key pairs. However, for a
> > > CRL distributed via the Directory, the CRL is stored in the entry of the
> > > CRL distribution point, which may not be the directory entry of the CRL
> > > issuer. If this field is absent, the CRL shall contain entries for all
> > > revoked unexpired certificates issued by the CRL issuer.
> > >
> > >
> > >
> > > ....
> > >
> > >
> > >
> > > The distributionPoint component contains the name of the distribution
> > > point in one or more name forms. If this field is absent, the CRL shall
> > > contain entries for all revoked certificates issued by the CRL issuer.
> > > After a certificate appears on a CRL, it is deleted from a subsequent
> > > CRL after the certificate's expiry.
> > >
> > >
> > >
> > >
> > >
> > > Although section 8.6.2.2 is specifically in regards to CRLdps, any
> > > difference between full CRLs and CRLdps in this case I feel would be an
> > > arbitrary one.
> > >
> > >
> > >
> > > Now logically it makes sense to remove certificates that are expired
> > > from CRLs to control size, yes this has a negative point specifically it
> > > prevents CRLs from being used as a non-repudiation source; but this is
> > > mute due to many other issues.
> > >
> > >
> > >
> > > That being the case I think; and I believe Peter would agree the correct
> > > thing to do is to remove these expired/revoked entries from the CRL.
> > >
> > >
> > >
> > > The question now is what is the PKIX stance on this matter?
> > >
> > >
> > >
> > > Ryan M. Hurst
> > >
> > > ValiCert, Inc.
> > >
> > >
> > >
> > > "It may roundly be asserted that human ingenuity cannot concoct a
> > > cipher which human ingenuity cannot resolve."
> > > -Edgar Allan Poe
> > >
> > >
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f85CCjF13803 for ietf-pkix-bks; Wed, 5 Sep 2001 05:12:45 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f85CChD13795 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 05:12:44 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id OAA39116; Wed, 5 Sep 2001 14:14:42 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id OAA16324; Wed, 5 Sep 2001 14:12:09 +0200
Message-ID: <3B96169B.E1A037B0@bull.net>
Date: Wed, 05 Sep 2001 14:12:11 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: Nada Kapidzic Cicovic <nada@entegrity.com>
CC: Ryan Hurst <ryanh@valicert.com>, IETF-PKIX <ietf-pkix@imc.org>
Subject: Re: Removing expired certificates from CRLs.....
References: <5.1.0.14.0.20010905095301.0292a7c0@exchsvr1.entegrity.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Nada and Ryan,
> Ryan,
>
> Some years ago we at Entegrity also had similar discussion. We were
> positive CRLs were not to contain the information about the expired
> certificates, until we came across some industry CA CRLs containing
> information about all revoked certificates. We then looked into 2459
> (draft in those days) and X.509 text and came to the conclusion that
> deleting info about expired certificates from a CRL is only an option.
>
> I am not sure what was the intention of the original authors of X.509
> (perhaps Sharon and Hoyt know more about it), but the current industry
> practice seems to be a mixture of both approaches.
At the very beginning, when ISO started the work, non-repudiation was not
considered, but only authentication and data origin authentication.
> My personal opinion is that keeping all revoked certificates info in CRLs
> brings more problems than benefits. However, it is questionable whether
> PKIX needs to take a vote for one approach or the other.
>
> In any case I would suggest that the text of 2459 be modified so that it
> has a MAY (or a MUST) consistently in all places where deleting expired
> certificates revocation info from CRLs is mentioned. The current text only
> brings confusion, as you have already pointed out.
In all the sentences that have been extracted below, I could not find a
place where a change would be necessary. So I believe that the current text
is OK : it tells how long revoked certificates MUST be kept in a CRL but
does not forbid to maintain them longer. I agree that maintaining them too
long would be a problem because of the increasing size of the CRL, hence why
CRL information should be captured when still available, in case a
non-repudiation service is supported.
We could add is a recommendation like: "Certificates identifiers
for certificates that contain the NR bit in the KeyUsage extension field
SHOULD be maintained in a CRL a few days or weeks after they have expired."
However, it seems rather late to add such a sentence, since we passed IETF
last call. I leave the issue to the editors ...
Denis
> Nada
>
> At 08:49 PM 9/4/01 -0700, Ryan Hurst wrote:
>
> > I was speaking with Peter Williams today about the removal of expired
> > certificates from CRLs; I have always been under the belief that this
> > behavior was optional, I vaguely remembered reading text in 2459 along
> > those lines; additionally I know of several commercial CAs that do not
> > remove the expired certificates from their CRLs. Peter on the other hand
> > was under the impression that it was a mandate to remove CRLs; he too
> > remembered reading text in 2459 to support is position.
> >
> >
> >
> > So we each pulled out the RFC and found that we were both right!
> > Specifically both sections 3.3 and 8.6.2.2 have text on this subject:
> >
> >
> >
> > 3.3 Revocation
> >
> > When a certificate is issued, it is expected to be in use for its entire
> > validity period. However, various circumstances may cause a certificate
> > to become invalid prior to the expiration of the validity period.
> >
> >
> >
> > ....
> >
> >
> >
> > An entry is added to the CRL as part of the next update following
> > notification of revocation. An entry may be removed from the CRL after
> > appearing on one regularly scheduled CRL issued beyond the revoked
> > certificate's validity period.
> >
> >
> >
> >
> >
> >
> >
> > 8.6.2.2 Issuing distribution point extension
> >
> > This CRL extension field identifies the CRL distribution point for this
> > particular CRL, and indicates if the CRL is limited to revocations for
> > end-entity certificates only, for authority certificates only, or for a
> > limited set of reasons only. The CRL is signed by the CRL issuer's key-
> > CRL distribution points do not have their own key pairs. However, for a
> > CRL distributed via the Directory, the CRL is stored in the entry of the
> > CRL distribution point, which may not be the directory entry of the CRL
> > issuer. If this field is absent, the CRL shall contain entries for all
> > revoked unexpired certificates issued by the CRL issuer.
> >
> >
> >
> > ....
> >
> >
> >
> > The distributionPoint component contains the name of the distribution
> > point in one or more name forms. If this field is absent, the CRL shall
> > contain entries for all revoked certificates issued by the CRL issuer.
> > After a certificate appears on a CRL, it is deleted from a subsequent
> > CRL after the certificate's expiry.
> >
> >
> >
> >
> >
> > Although section 8.6.2.2 is specifically in regards to CRLdps, any
> > difference between full CRLs and CRLdps in this case I feel would be an
> > arbitrary one.
> >
> >
> >
> > Now logically it makes sense to remove certificates that are expired
> > from CRLs to control size, yes this has a negative point specifically it
> > prevents CRLs from being used as a non-repudiation source; but this is
> > mute due to many other issues.
> >
> >
> >
> > That being the case I think; and I believe Peter would agree the correct
> > thing to do is to remove these expired/revoked entries from the CRL.
> >
> >
> >
> > The question now is what is the PKIX stance on this matter?
> >
> >
> >
> > Ryan M. Hurst
> >
> > ValiCert, Inc.
> >
> >
> >
> > "It may roundly be asserted that human ingenuity cannot concoct a
> > cipher which human ingenuity cannot resolve."
> > -Edgar Allan Poe
> >
> >
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f859p2d04599 for ietf-pkix-bks; Wed, 5 Sep 2001 02:51:02 -0700 (PDT)
Received: from exchsvr1.entegrity.com (exchsvr1.entegrity.com [207.215.19.3]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f859p0D04589 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 02:51:00 -0700 (PDT)
Received: from cooper.entegrity.com (dave.entegrity.se [195.100.88.62]) by exchsvr1.entegrity.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id PGA4H0VN; Wed, 5 Sep 2001 02:55:50 -0700
Message-Id: <5.1.0.14.0.20010905095301.0292a7c0@exchsvr1.entegrity.com>
X-Sender: nada@exchsvr1.entegrity.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 05 Sep 2001 11:48:26 +0200
To: Ryan Hurst <ryanh@valicert.com>, IETF-PKIX <ietf-pkix@imc.org>
From: Nada Kapidzic Cicovic <nada@entegrity.com>
Subject: Re: Removing expired certificates from CRLs.....
In-Reply-To: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE219@exchange.valicert .com>
Mime-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
<html>
Ryan,<br><br>
Some years ago we at Entegrity also had similar discussion. We were
positive CRLs were not to contain the information about the expired
certificates, until we came across some industry CA CRLs containing
information about all revoked certificates. We then looked into 2459
(draft in those days) and X.509 text and came to the conclusion that
deleting info about expired certificates from a CRL is only an
option.<br><br>
I am not sure what was the intention of the original authors of X.509
(perhaps Sharon and Hoyt know more about it), but the current industry
practice seems to be a mixture of both approaches.<br><br>
My personal opinion is that keeping all revoked certificates info in CRLs
brings more problems than benefits. However, it is questionable whether
PKIX needs to take a vote for one approach or the other. <br><br>
In any case I would suggest that the text of 2459 be modified so that it
has a MAY (or a MUST) c<font face="Arial, Helvetica">onsistently</font>
in all places where deleting expired certificates revocation info from
CRLs is mentioned. The current text only brings confusion, as you have
already pointed out.<br><br>
Nada<br><br>
At 08:49 PM 9/4/01 -0700, Ryan Hurst wrote:<br><br>
<blockquote type=cite class=cite cite><font face="arial" size=2>I was
speaking with Peter Williams today about the removal of expired
certificates from CRLs; I have always been under the belief that this
behavior was optional, I vaguely remembered reading text in 2459 along
those lines; additionally I know of several commercial CAs that do not
remove the expired certificates from their CRLs. Peter on the other hand
was under the impression that it was a mandate to remove CRLs; he too
remembered reading text in 2459 to support is position.<br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2>So we each pulled out the RFC and found that we
were both right! Specifically both sections 3.3 and 8.6.2.2 have text on
this subject:<br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2><b>3.3 Revocation<br>
</b></font><br>
<font face="arial" size=2>When a certificate is issued, it is expected to
be in use for its entire validity period. However, various
circumstances may cause a certificate to become invalid prior to the
expiration of the validity period.<br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2>....<br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2>An entry is added to the CRL as part of the
next update following notification of revocation. <b><i>An entry may be
removed from the CRL after appearing on one regularly scheduled CRL
issued beyond the revoked certificate's validity period.<br>
</i></b></font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2><b>8.6.2.2 Issuing distribution point
extension<br>
</b></font><br>
<font face="arial" size=2>This CRL extension field identifies the CRL
distribution point for this particular CRL, and indicates if the CRL is
limited to revocations for end-entity certificates only, for authority
certificates only, or for a limited set of reasons only. The CRL is
signed by the CRL issuer's key- CRL distribution points do not have their
own key pairs. However, for a CRL distributed via the Directory, the CRL
is stored in the entry of the CRL distribution point, which may not be
the directory entry of the CRL issuer.<i> <b>If this field is absent, the
CRL shall contain entries for all revoked unexpired certificates issued
by the CRL issuer.<br>
</i></b></font><br>
<font face="arial" size=2><i> <br>
</i></font><br>
<font face="arial" size=2>....<br>
</font><br>
<font face="arial" size=2 color="#0000FF"> <br>
</font><br>
<font face="arial" size=2>The
</font><font face="arial" size=1><b>distributionPoint
</b></font><font face="arial" size=2>component contains the name of the
distribution point in one or more name forms. If this field is absent,
the CRL shall contain entries for all revoked certificates issued by the
CRL issuer. <b><i>After a certificate appears on a CRL, it is deleted
from a subsequent CRL after the certificate's expiry.<br>
</i></b></font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2>Although section 8.6.2.2 is specifically in
regards to CRLdps, any difference between full CRLs and CRLdps in this
case I feel would be an arbitrary one. <br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2>Now logically it makes sense to remove
certificates that are expired from CRLs to control size, yes this has a
negative point specifically it prevents CRLs from being used as a
non-repudiation source; but this is mute due to many other issues.<br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2>That being the case I think; and I believe
Peter would agree the correct thing to do is to remove these
expired/revoked entries from the CRL. <br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2>The question now is what is the PKIX stance on
this matter?<br>
</font><br>
<font face="arial" size=2> <br>
</font><br>
<font face="arial" size=2>Ryan M. Hurst<br>
</font><br>
<font face="arial" size=2>ValiCert, Inc.<br>
</font><br>
<font face="arial" size=2> </font>
<dl><font face="Times New Roman, Times">
<dd>"It may roundly be asserted that human ingenuity cannot concoct
a cipher which human ingenuity cannot
resolve."</i></font><font face="Times New Roman, Times">
<dd>-Edgar Allan Poe</font>
</dl><font face="Times New Roman, Times"> </font></blockquote></html>
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f858obo00437 for ietf-pkix-bks; Wed, 5 Sep 2001 01:50:37 -0700 (PDT)
Received: from carbone.certplus.com (facteur.certplus.com [195.101.88.81]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f858oZD00431 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 01:50:35 -0700 (PDT)
Received: from certplus.com ([192.168.212.27]) by carbone.certplus.com with Microsoft SMTPSVC(5.0.2195.2966); Wed, 5 Sep 2001 10:46:46 +0200
Message-ID: <3B95E68D.29DA1BE7@certplus.com>
Date: Wed, 05 Sep 2001 10:47:09 +0200
From: Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>
Organization: Certplus
X-Mailer: Mozilla 4.75 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: Re: New test TSA available
References: <200108260300.PAA385198@ruru.cs.auckland.ac.nz> <3B8A199E.1E69D01A@certplus.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 05 Sep 2001 08:46:46.0406 (UTC) FILETIME=[4B88D260:01C135E7]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Jean-Marc Desperrier wrote:
> What is needed is a finalized version of this protocol in an RFC, so that _this_
> becomes a reference, and something one can actually use for interoperability.
> Therefore the true question is why is this RFC still not there when supposedly the
> draft is on the last stages of approval since monthes [...]
I did not stand corrected about this point by anyone in the mailing list.
Surprising.
The TSP RFC is indeed issued now :
http://www.ietf.org/rfc/rfc3161.txt
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f858HLC26358 for ietf-pkix-bks; Wed, 5 Sep 2001 01:17:21 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f858HJD26352 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 01:17:19 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id KAA43940; Wed, 5 Sep 2001 10:19:17 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id KAA19928; Wed, 5 Sep 2001 10:16:45 +0200
Message-ID: <3B95DF6E.939FBAE@bull.net>
Date: Wed, 05 Sep 2001 10:16:46 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: Simonato Carolina <carolina.simonato@infocamere.it>
CC: IETF-PKIX <ietf-pkix@imc.org>
Subject: Re: Question: who signs a CRL if the CAcertificate, that signs it, is immediately revoked?
References: <3B94F64F.77379910@infocamere.it>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Carolina,
> Hello all!
>
> Suppose a simple situation in which a certificate chain is constituted
> only by two certificates: a trusted (by some important authority) root
> certificate (self-signed) and an end-entity certificate, signed by that
> root certificate.
> The same root certificate also signs the certificate revocation list (a
> unique crl that contains all revoked certificates- for all reasons).
> The problem is: who signs the crl when the root certificate is
> immediately revoked, because of, for example, cacompromise?
If the key is the CA is compromised, then the attacker has the key and thus
may generate any CRL. The CA might still attempt to publish a CRL using the
compromised key, but with no garantee that the CRL he has issued will ever
be seen (PKIX or X.509 does NOT assume that access to the repository where
the CRLs are placed is secured).
Nevetheless, all relying parties making use of the root key *shall* be
informed that the current root key is no longer valid. With your
assumptions, unless using some out-of-bands mechanism, it cannot be
guaranteed that they will always be informed (see later for a proposal).
Once they know it, they should be able to obtain the new root key (which,
anyway has to be changed) using out-of-bands means, e.g. by publishing the
hash of the new self-signed certificate or by pushing or pulling the new
self-signed certificate.
I believe that this answers to your question without changing any parameter
from the situation you describe. However, by using a more realistic but
different model, with an additional level in the hierarchy, then there is a
different answer. The model involves: a root level, a CA level, an end-user
level.
If relying parties can directly trust both the root level and the CA key
that has issued their certificate, then there is another alternative: an
indirect CRL issued by that CA can be used to signal that the root CA has
been compromised. In this way the software can *always* receive a warning
that the root key has been compromised.
Of course the attacker could say that the CA key is no longer valid (i.e.
revoked), by issued a (root) CRL but the warning is always obtained. After
getting such a warning, relying parties should be stop processing and
further inquiries should anyway be necessary to know what really happened
... to finally get the new root key and the possibly new CA key using some
out-of-bands mechanisms.
As a summary, using two trust points, instead of one, and indirect CRLs
is one way to solve the problem.
Denis
> Probably it is necessary to create a new couple of keys (and so a new
> root certificate) and sign the crl with the new ca private key?
> Or is it possible to create a couple of CA keys to sign only
> certificate revocation list and not to make provision for revoking this
> last ca root certificate?
>
> I would like to riceive suggestions about this topic.
> Thank you in advance.
>
> regards
> Carolina
Received: by above.proper.com (8.11.6/8.11.3) id f857GTY18905 for ietf-pkix-bks; Wed, 5 Sep 2001 00:16:29 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f857GRD18898 for <ietf-pkix@imc.org>; Wed, 5 Sep 2001 00:16:28 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id JAA31834; Wed, 5 Sep 2001 09:18:25 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id JAA08920; Wed, 5 Sep 2001 09:15:52 +0200
Message-ID: <3B95D12A.FD72B6EF@bull.net>
Date: Wed, 05 Sep 2001 09:15:54 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: Stephen Kent <kent@bbn.com>
CC: ietf-pkix@imc.org
Subject: Re: charter revisions
References: <p0501040bb7a8214adf35@[128.33.84.34]> <3B950681.9355D577@bull.net> <p05010404b7babe9a79ed@[128.33.84.34]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Steve,
(deleted text)
> >I also found that 3/02 for DPV/DPD Protocols RFCs, may be a little bit
> >optimistic. 3/04 would probably be more appropriate.
> OK, I'll make that change.
With the writing of dates in the reverse way between my country and yours,
I got confused. I was thinking that April 2002 would be reasonable, not
for the RFC being published (by experience we know that it takes months
between an IETF last call being passed and an RFC publication), but for
a WG last call.
So if we assume WG Last call in April 2002 and IETF last call in June 2002,
then we add 6 months for publication and this makes December 2002 (12/02,
I presume) for a possible publication.
Denis
> Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f854Ido12891 for ietf-pkix-bks; Tue, 4 Sep 2001 21:18:39 -0700 (PDT)
Received: from kakapo.cs.auckland.ac.nz (kakapo.cs.auckland.ac.nz [130.216.34.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f854IXD12369 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 21:18:33 -0700 (PDT)
Received: from ruru.cs.auckland.ac.nz (firebird.cs.auckland.ac.nz [130.216.34.12]) by kakapo.cs.auckland.ac.nz (8.8.6/8.8.6/cs-master) with ESMTP id QAA25863; Wed, 5 Sep 2001 16:18:00 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz)
Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id QAA128532; Wed, 5 Sep 2001 16:17:51 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz)
Date: Wed, 5 Sep 2001 16:17:51 +1200 (NZST)
Message-ID: <200109050417.QAA128532@ruru.cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: myers@coastside.net
Subject: RE: charter revisions
Cc: ietf-pkix@imc.org
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
"Michael Myers" <myers@coastside.net> writes:
>I agree with Stephen Farrell and Steve Hanna that logotypes are out of scope.
Unaccustomed as I am to agreeing with everyone else, I'll drop in my $0.02 and
concur. In any case since it's been demonstrated that a sufficiently motivated
person can put a cat MPEG in a cert, I don't see that a simple logo will be any
problem for someone who really wants it.
Peter.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f853u2m26342 for ietf-pkix-bks; Tue, 4 Sep 2001 20:56:02 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f853txD26232 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 20:55:59 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJ6002018AKZ2@ext-mail.valicert.com> for ietf-pkix@imc.org; Tue, 4 Sep 2001 20:56:44 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJ60027Y8AJSP@ext-mail.valicert.com> for ietf-pkix@imc.org; Tue, 04 Sep 2001 20:56:44 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <QP4KV7NA>; Tue, 04 Sep 2001 20:49:41 -0700
Content-return: allowed
Date: Tue, 04 Sep 2001 20:49:40 -0700
From: Ryan Hurst <ryanh@valicert.com>
Subject: Removing expired certificates from CRLs.....
To: IETF-PKIX <ietf-pkix@imc.org>
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01EEE219@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: multipart/alternative; boundary="Boundary_(ID_VIuqVop7j1bRuV68o60z4w)"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
--Boundary_(ID_VIuqVop7j1bRuV68o60z4w)
Content-type: text/plain
I was speaking with Peter Williams today about the removal of expired
certificates from CRLs; I have always been under the belief that this
behavior was optional, I vaguely remembered reading text in 2459 along those
lines; additionally I know of several commercial CAs that do not remove the
expired certificates from their CRLs. Peter on the other hand was under the
impression that it was a mandate to remove CRLs; he too remembered reading
text in 2459 to support is position.
So we each pulled out the RFC and found that we were both right!
Specifically both sections 3.3 and 8.6.2.2 have text on this subject:
3.3 Revocation
When a certificate is issued, it is expected to be in use for its entire
validity period. However, various circumstances may cause a certificate to
become invalid prior to the expiration of the validity period.
....
An entry is added to the CRL as part of the next update following
notification of revocation. An entry may be removed from the CRL after
appearing on one regularly scheduled CRL issued beyond the revoked
certificate's validity period.
8.6.2.2 Issuing distribution point extension
This CRL extension field identifies the CRL distribution point for this
particular CRL, and indicates if the CRL is limited to revocations for
end-entity certificates only, for authority certificates only, or for a
limited set of reasons only. The CRL is signed by the CRL issuer's key- CRL
distribution points do not have their own key pairs. However, for a CRL
distributed via the Directory, the CRL is stored in the entry of the CRL
distribution point, which may not be the directory entry of the CRL issuer.
If this field is absent, the CRL shall contain entries for all revoked
unexpired certificates issued by the CRL issuer.
....
The distributionPoint component contains the name of the distribution point
in one or more name forms. If this field is absent, the CRL shall contain
entries for all revoked certificates issued by the CRL issuer. After a
certificate appears on a CRL, it is deleted from a subsequent CRL after the
certificate's expiry.
Although section 8.6.2.2 is specifically in regards to CRLdps, any
difference between full CRLs and CRLdps in this case I feel would be an
arbitrary one.
Now logically it makes sense to remove certificates that are expired from
CRLs to control size, yes this has a negative point specifically it prevents
CRLs from being used as a non-repudiation source; but this is mute due to
many other issues.
That being the case I think; and I believe Peter would agree the correct
thing to do is to remove these expired/revoked entries from the CRL.
The question now is what is the PKIX stance on this matter?
Ryan M. Hurst
ValiCert, Inc.
"It may roundly be asserted that human ingenuity cannot concoct a cipher
which human ingenuity cannot resolve."
-Edgar Allan Poe
--Boundary_(ID_VIuqVop7j1bRuV68o60z4w)
Content-type: text/html
Content-transfer-encoding: quoted-printable
<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<meta name=3DProgId content=3DWord.Document>
<meta name=3DGenerator content=3D"Microsoft Word 10">
<meta name=3DOriginator content=3D"Microsoft Word 10">
<link rel=3DFile-List href=3D"cid:filelist.xml@01C13583.EFC4BB00">
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"PersonName"/>
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:GrammarState>Clean</w:GrammarState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:UseFELayout/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;
mso-font-alt:\5B8B\4F53;
mso-font-charset:134;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 135135232 16 0 262145 0;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;
mso-font-charset:134;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 135135232 16 0 262145 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:SimSun;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;
text-underline:single;}
span.EmailStyle17
{mso-style-type:personal-compose;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:windowtext;}
span.SpellE
{mso-style-name:"";
mso-spl-e:yes;}
span.GramE
{mso-style-name:"";
mso-gram-e:yes;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
/* Style Definitions */=20
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]-->
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple =
style=3D'tab-interval:.5in'>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>I was speaking with =
</span></font><st1:PersonName><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>Peter
Williams</span></font></st1:PersonName><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'> today about the removal =
of expired
certificates from <span class=3DSpellE>CRLs</span>; I have always been =
under the belief
that this behavior was optional, I vaguely remembered reading text in =
2459 along
those lines; additionally I know of several commercial <span =
class=3DSpellE>CAs</span>
that do not remove the expired certificates from their <span =
class=3DSpellE>CRLs</span>.
Peter on the other hand was under the impression that it was a mandate =
to
remove <span class=3DSpellE>CRLs</span>; he too remembered reading text =
in 2459 to
support is position.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>So we each pulled out the RFC and found that we were =
both
right! Specifically both sections 3.3 and 8.6.2.2 have text on this =
subject:<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal style=3D'tab-stops:45.8pt 91.6pt 137.4pt 183.2pt =
229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt =
641.2pt 687.0pt 732.8pt;
mso-layout-grid-align:none;text-autospace:none'><span class=3DGramE><b
style=3D'mso-bidi-font-weight:normal'><font size=3D2 face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;font-weight:bold;mso-bidi-fo=
nt-weight:
normal'>3.3<span style=3D'mso-spacerun:yes'> =
</span>Revocation</span></font></b></span><b
style=3D'mso-bidi-font-weight:normal'><font size=3D2 face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;font-weight:bold;mso-bidi-fo=
nt-weight:
normal'><o:p></o:p></span></font></b></p>
<p class=3DMsoNormal style=3D'tab-stops:45.8pt 91.6pt 137.4pt 183.2pt =
229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt =
641.2pt 687.0pt 732.8pt;
mso-layout-grid-align:none;text-autospace:none'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>When a certificate is =
issued, it is
expected to be in use for its entire validity period.<span
style=3D'mso-spacerun:yes'> </span>However, various circumstances =
may cause
a certificate to become invalid prior to the expiration of the validity =
period.<o:p></o:p></span></font></p>
<p class=3DMsoNormal style=3D'tab-stops:45.8pt 91.6pt 137.4pt 183.2pt =
229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt =
641.2pt 687.0pt 732.8pt;
mso-layout-grid-align:none;text-autospace:none'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal =
style=3D'mso-layout-grid-align:none;text-autospace:none'><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>....<o:p></o:p></span></fon=
t></p>
<p class=3DMsoNormal =
style=3D'mso-layout-grid-align:none;text-autospace:none'><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></f=
ont></p>
<p class=3DMsoNormal style=3D'tab-stops:45.8pt 91.6pt 137.4pt 183.2pt =
229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt =
641.2pt 687.0pt 732.8pt;
mso-layout-grid-align:none;text-autospace:none'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>An entry is added to the =
CRL as part
of the next update following notification of revocation. <b><i><span
style=3D'font-weight:bold;font-style:italic'>An entry may be removed =
from the CRL
after appearing on one regularly scheduled CRL issued beyond the =
revoked
certificate's validity =
period.</span></i></b><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal =
style=3D'mso-layout-grid-align:none;text-autospace:none'><b><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;font-weight:
bold'>8.6.2.2 Issuing distribution point =
extension<o:p></o:p></span></font></b></p>
<p class=3DMsoNormal =
style=3D'mso-layout-grid-align:none;text-autospace:none'><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>This CRL
extension field identifies the CRL distribution point for this =
particular CRL,
and indicates if the CRL is limited to revocations for end-entity =
certificates
only, for authority certificates only, or for a limited set of reasons =
only. The
CRL is signed by the CRL issuer's key- CRL distribution points do not
have their own key pairs. However, for a CRL distributed via the =
Directory, the
CRL is stored in the entry of the CRL distribution point, which may not =
be the directory
entry of the CRL issuer.<i><span style=3D'font-style:italic'> <b><span
style=3D'font-weight:bold'>If this field is absent, the CRL shall =
contain entries
for all revoked <span class=3DSpellE>unexpired</span> certificates =
issued by the
CRL issuer.</span></b><o:p></o:p></span></i></span></font></p>
<p class=3DMsoNormal =
style=3D'mso-layout-grid-align:none;text-autospace:none'><i><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;font-style:
italic'><o:p> </o:p></span></font></i></p>
<p class=3DMsoNormal =
style=3D'mso-layout-grid-align:none;text-autospace:none'><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>....<o:p></o:p></span></fon=
t></p>
<p class=3DMsoNormal =
style=3D'mso-layout-grid-align:none;text-autospace:none'><font
size=3D2 color=3Dblue face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;
color:blue'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal =
style=3D'mso-layout-grid-align:none;text-autospace:none'><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>The </span></font><span
class=3DSpellE><b><font size=3D1 face=3DArial><span =
style=3D'font-size:9.0pt;
font-family:Arial;font-weight:bold'>distributionPoint</span></font></b><=
/span><b><font
size=3D1 face=3DArial><span =
style=3D'font-size:9.0pt;font-family:Arial;font-weight:
bold'> </span></font></b><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>component contains the name of the distribution =
point in one
or more name forms. If this field is absent, the CRL shall contain =
entries for
all revoked certificates issued by the CRL issuer. <b><i><span
style=3D'font-weight:bold;font-style:italic'>After a certificate =
appears on a
CRL, it is deleted from a subsequent CRL after the certificate's =
expiry.<o:p></o:p></span></i></b></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Although section 8.6.2.2 is specifically in regards =
to <span
class=3DSpellE>CRLdps</span>, any difference between full <span =
class=3DSpellE>CRLs</span>
and <span class=3DSpellE>CRLdps</span> in this case I feel would be an =
arbitrary
one. <o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Now logically it makes sense to remove certificates =
that are
expired from <span class=3DSpellE>CRLs</span> to control size, yes this =
has a
negative point specifically it prevents <span =
class=3DSpellE>CRLs</span> from
being used as a non-repudiation source; but this is mute due to many =
other
issues.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>That being the case I think; and I believe Peter =
would agree
the correct thing to do is to remove these expired/revoked entries from =
the CRL.
<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>The question now is what is the PKIX stance on this =
matter?<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Ryan M. Hurst<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>ValiCert, Inc.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<blockquote style=3D'margin-top:5.0pt;margin-bottom:5.0pt'>
<p class=3DMsoNormal><i><font size=3D3 face=3D"Times New Roman"><span
style=3D'font-size:12.0pt;font-style:italic;mso-no-proof:yes'>"It =
may
roundly be asserted that human ingenuity cannot concoct a cipher which =
human
ingenuity cannot resolve."</span></font></i><span =
style=3D'mso-no-proof:
yes'><o:p></o:p></span></p>
</blockquote>
<blockquote style=3D'margin-top:5.0pt;margin-bottom:5.0pt'>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt;mso-no-proof:yes'>-Edgar Allan Poe</span><o:p></o:p></font></p>
</blockquote>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'><o:p> </o:p></span></font></p>
</div>
</body>
</html>
--Boundary_(ID_VIuqVop7j1bRuV68o60z4w)--
Received: by above.proper.com (8.11.6/8.11.3) id f853I8U15392 for ietf-pkix-bks; Tue, 4 Sep 2001 20:18:08 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f853I5D15289 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 20:18:05 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJ6002016JDVQ@ext-mail.valicert.com> for ietf-pkix@imc.org; Tue, 4 Sep 2001 20:18:49 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJ60022X6JDSP@ext-mail.valicert.com> for ietf-pkix@imc.org; Tue, 04 Sep 2001 20:18:49 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <QP4KV7LD>; Tue, 04 Sep 2001 20:11:47 -0700
Content-return: allowed
Date: Tue, 04 Sep 2001 20:11:46 -0700
From: Peter Williams <peterw@valicert.com>
Subject: RE: charter revisions
To:
Cc: ietf-pkix@imc.org
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A308@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
I think its irrelevant that particular
folks do not wish to do any work
on a potential work topic. Personally,
I have done little or no work on several PKIX
work items for years, their being
largely irrelevant to the Internet
deployment community.
I did not feel it appropriate to seek to stop others
however, or voice my personal prejudice toward
their work area. In the future, these standards
may be very important baselines, as things catch
up to some of our visions.
If there is constituency to do the logotype work,
then let it happen. I cannot judge
whether the material on logotypes is legitimate
or secure, until I see IDs and active WG/list discussion
on actual proposals.
I do know broadly the underlying issue is pertinent to many current
deployment matters across the world, including internationl
char sets issues where, culturally, unique graphical
chars are created for an idea/name, and as DNS
names/attributes/graphical-chars and 509 converge in the hands
of the business known as VeriSign.
Personally, I see the engineering topic as wider than logotypes; its
about the use of graphic symbols in a non-Roman way of thinking about
identifiers, names and the forms of reliance. To
me this is all very exciting, as a cultural issue set relevant
to global uptake enters that is little addressed
in Western-dominated ISO/IETF standards.
If the chairs are tired, then replace the
chairs at an appropriate milestone. I dont think anyone
would think any worse of our chairs for ceding the floor, after
so many years of sterling service. Personally, I'd keep
both of our chairs, but thats for them to decide.
-----Original Message-----
From: Michael Myers [mailto:myers@coastside.net]
Sent: Tuesday, September 04, 2001 10:34 AM
To: stephen.farrell@baltimore.ie; Stephen Kent
Cc: Steve Hanna; ietf-pkix@imc.org
Subject: RE: charter revisions
All,
I agree with Stephen Farrell and Steve Hanna that logotypes are out of
scope. These needs are better addressed by other forums. Let's focus the
WG's remaining energy on resolving DPV/DPD issues.
Mike
> On Thursday, August 30, 2001 2:35 AM Stephen Farrell wrote in part:
> . . .
> Steve (K),
>
> I'd have to agree with Steve H, though maybe not as strongly.
> My suggestion would be to limit the additional items to the
> dpd/dpv.
> On Wednesday, August 29, 2001 2:01 PM Steve Hanna wrote in part:
>
> . . . I don't think PKIX should do any work on the
> logotype extension. I know that there is a demand for this from
> marketing folks, but I don't believe that we should standardize it
> unless it can be used securely. This does not seem possible.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f851RbV22346 for ietf-pkix-bks; Tue, 4 Sep 2001 18:27:37 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f851RZD22342 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 18:27:35 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GJ6002011F7KS@ext-mail.valicert.com> for ietf-pkix@imc.org; Tue, 4 Sep 2001 18:28:19 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GJ6002DB1F7C0@ext-mail.valicert.com>; Tue, 04 Sep 2001 18:28:19 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <QP4KV71Q>; Tue, 04 Sep 2001 18:21:17 -0700
Content-return: allowed
Date: Tue, 04 Sep 2001 18:21:17 -0700
From: Peter Williams <peterw@valicert.com>
Subject: RE: Path validation and self-signed certificates
To: "'David A. Cooper'" <david.cooper@nist.gov>, ietf-pkix@imc.org
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A303@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
I disagree with your recommendation. I am thinking
as an long-term implementor who has followed
and interpreted the particular X.509 guidance through
5 generations of PKI software now, when I say the
following:
Anyone can send any set of certificates in a proposed path; it
is for the receipient to sort, and select, which certs represent
a trust path that meets their local security policy
requirements. This includes choosing certs based on their
convergence with locally-recognised trust anchors.
For example, one can send two parallel paths to
a given recipient in the certs list of a PKCS7
msg, each of whose trust-anchors may be indicated by a
self-signed cert.
The one path (of the two sent) to be actually validated depends upon the
receivers application software, not the PKIX path processing
algorithm. Upon discovery, elements of the selected path should be
then passed to the X.509 path processing
algorithm implementation. In a good implementation
of the application, the passed path will include only those
elements of the trust path that meet the path processing rules;
this should does not include the self-signed cert. If found,
the self signed cert should be ignored by the security module
evaluated to ensure conformance to PKIX/509.
Of course, how the path processing algorithm learns which
trust anchors are legitimate is something that is
not-standardized, and should not be indicated to the algorithm
by information derived from a cert path. If the application
before passing the cert path to X.509 path processing
has setup a path-processing security context with the two trust
anchors recently delivered via self-signed certs,
then this is acceptable application practice. If we were
building PEM, perhaps the IPRA public key would be
pre-installed in every security context...
Lets remember, its not IETF business to standardize the
non-Internet applications that use PKI; of which there are now
many. They discover paths and control trust anchors however
they wish. It is PKIX business to ensure that two path processing
algorithm given the same inputs would
produce the same result concerning a valid path. After
10 years of trying, we are about as far from this
goal as ever, unfortunately, in Internet praxis.
Peter.
-----Original Message-----
From: David A. Cooper [mailto:david.cooper@nist.gov]
Sent: Saturday, August 25, 2001 2:33 PM
To: ietf-pkix@imc.org
Subject: RE: Path validation and self-signed certificates
All,
I believe that PKIX should either discourage or forbid the inclusion of
self-signed certificates in certification paths for the following reasons:
1) Section 8.1.5 of the 4th edition of X.509 states that
There are three circumstances under which a certification authority
may
issue a certificate to itself:
a) as a convenient way of encoding its public key for communication
to,
and storage by, its certificate users;
b) ...
For purposes of path validation, self-issued certificates of type
a) are verified
with the public key contained in them, and if they are encountered
in the path,
they shall be ignored.
So, X.509 states that self-signed certificate are only to be used as a
convenient way of encoding a public key, and that self-signed certificates,
if they are encountered in a certification path are to be ignored. Thus, if
PKIX were to allow the processing of self-signed certificates, it would not
be compliant with X.509.
2) As Peter Hesse pointed out, many CAs issue self-signed certificates with
a minimum necessary information (e.g., a version 1 certificate with just a
name, public key, and validity dates). Any such certificates included in a
certification path would result in an empty valid_policy_tree. Old-with-new
and new-with-old self-issued certificates are designed to be used as part of
certification paths and so should contain all of the necessary extensions
(e.g., basicConstraints, certificatePolicies), but self-signed certificates
may be been issued simply as a means of distributing the public key to
relying parties that will use that key as a trust anchor. If these
certificates are included in, and are processed as parts of, certification
paths, the results may be rejecting end certificates that should be have
been accepted.
3) If a CA suspects that its key has been compromised (or it otherwise
determines that none of the certificates it has issued should be considered
valid), it should request that every certificate issued to it be revoked (as
is stated in the Security Considerations section). If possible, it should
also revoke all of the certificates it has issued (not just its self-signed
certificate). If a CA can revoke its own self-signed certificate then it can
revoke all of the certificates it has issued. Doing so will ensure that all
relying parties know about the revocation, not just those relying parties
that check to see whether the signed-signed certificate has been revoked.
4) If an organization uses client software that processes self-signed
certificates, there is risk that that organization will issue certificates
from its own CA assuming that relying parties process self-signed
certificates. This organization's CA may then issue self-signed certificates
with constraints (e.g., name constraints, path length constraints, etc.)
that they expect relying parties to see, but the CA, assuming that relying
parties will process its self-signed certificates, may not include the
constraints in any of its other certificates.
So, if there is no set rule, there is the risk that relying parties that do
process self-signed certificates will lose some interoperability and those
that do not will overlook intended path processing constraints.
Hiroyuki Sakakibara presented an example in which processing self-signed
certificates helped to prevent a security breach. In his example, A issues
a cross-certificate to B and B's private key is compromised. Hiroyuki
pointed out that by processing B's self-signed certificate (to see if it has
expired or has been revoked) one may have a chance to detect the compromise
even if A does not cooperate by revoking the certificate that it issued to
B. However, as he pointed out, this is not foolproof. The entity that
compromised B's key could issue a new self-signed certificate with a later
notAfter date along with CRLs that make it appear as if B's certificates are
still good. If on the other hand, B were able to get its own CRLs to relying
parties, it could just revoke all of its certificates instead of just its
self-signed certificate, thus ensuring that any relying party that receives
its CRLs will know that its certificates can not be trusted, whether they
process B's self-s!
igned certificates or not.
In general though, if a certification path of the form ... --> A --> B -->
... is being processed, I don't think there is much that B can do to protect
relying parties from A's improper behavior. If A issues certificates to B
with notAfter dates that are later than they should be or if A refuses to
revoke B's certificate when requested to do so, there is little that B can
do to protect A's relying parties (or the relying parties of any CA that
preceded A in the path) from A, particularly in the case when B's private
key has been compromised. I don't think that it is worth diverging from
X.509 and introducing interoperability problems into PKIX in an attempt to
try.
Dave
At 04:37 PM 8/24/01 -0700, Ryan Hurst wrote:
>Peter -
>
>I agree with your comments on self-signed certificates in chains with only
one exception, specifically in regards to revocation. There are several
cases where the revocation of a self-signed CA would make sense, what about
cessationOfOperation, superseded and affiliationChanged? These reasons do
not imply any sort of compromise of key material. We make many "known
assumptions" in PKI and the catch 22 of key material management and trust is
one of them, without these "known assumptions" many of the things in son-off
fall apart.
>
>Ryan
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f84Npph03227 for ietf-pkix-bks; Tue, 4 Sep 2001 16:51:51 -0700 (PDT)
Received: from [165.227.249.20] (ip20.proper.com [165.227.249.20]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84NpnD03223 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 16:51:49 -0700 (PDT)
Mime-Version: 1.0
X-Sender: phoffman@mail.imc.org
Message-Id: <p05100331b7bb18707579@[165.227.249.20]>
In-Reply-To: <EOEGJNFMMIBDKGFONJJDMEJKCEAA.myers@coastside.net>
References: <EOEGJNFMMIBDKGFONJJDMEJKCEAA.myers@coastside.net>
Date: Tue, 4 Sep 2001 16:51:45 -0700
To: ietf-pkix@imc.org
From: Paul Hoffman / IMC <phoffman@imc.org>
Subject: RE: charter revisions
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
At 4:44 PM -0700 9/4/01, Michael Myers wrote:
> > > These needs are better addressed by other forums.
>>
>> Such as...?
>
>
>Such as whomever chooses to stand up the responsibility, or is PKIX going to
>go on forever ratifying extension X, protocol Y and policy Z?
History say "the latter".
> This role
>does not strike me as an engineering activity.
Fully agree. Oh, well.
>To the extent these issues remain relevant to the IETF and its governing
>bodies, perhaps those superior organizations may wish to consider their
>role. In *that* regard, IANA's classic role comes to mind but since so much
>of what PKI is and does to an enterprise is intrinsically bound up in
>enterprise security policy (as it should be), it's not clear to me that an
>IANA-like organization is the best path forward.
IANA is not a body that should pass security standards.
>Perhaps, Paul, given your exposure IETF/IESG/IAB organizational issues, you
>could propose something?
I did: I supported putting it in the PKIX WG charter. Seeing some
vendor interest, and seeing the PKIX WG does a fair job at putting
out protocols without gaping security holes, and not seeing any other
reputable (or even half-reputable) organization stepping up, I don't
see why it should not be done here. Charter creep is pretty common in
the IETF security area, yes? Should we not fully embrace that?
>I fear I've stirred the fire more than I should have.
Spoken like a true Californian at the end of a long, dry summer.
--Paul Hoffman, Director
--Internet Mail Consortium
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f84NjYr03133 for ietf-pkix-bks; Tue, 4 Sep 2001 16:45:34 -0700 (PDT)
Received: from geos.coastside.net (geos.coastside.net [207.213.212.4]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84NjXD03127; Tue, 4 Sep 2001 16:45:33 -0700 (PDT)
Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by geos.coastside.net (8.11.0/8.11.3) with SMTP id f84NjYH14451; Tue, 4 Sep 2001 16:45:34 -0700 (PDT)
From: "Michael Myers" <myers@coastside.net>
To: "Paul Hoffman / IMC" <phoffman@imc.org>, <ietf-pkix@imc.org>
Subject: RE: charter revisions
Date: Tue, 4 Sep 2001 16:44:17 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDMEJKCEAA.myers@coastside.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
In-Reply-To: <p05100327b7baf1ca610b@[165.227.249.20]>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
> > These needs are better addressed by other forums.
>
> Such as...?
Such as whomever chooses to stand up the responsibility, or is PKIX going to
go on forever ratifying extension X, protocol Y and policy Z? This role
does not strike me as an engineering activity. Hence my recent advocacy.
To the extent these issues remain relevant to the IETF and its governing
bodies, perhaps those superior organizations may wish to consider their
role. In *that* regard, IANA's classic role comes to mind but since so much
of what PKI is and does to an enterprise is intrinsically bound up in
enterprise security policy (as it should be), it's not clear to me that an
IANA-like organization is the best path forward.
Perhaps, Paul, given your exposure IETF/IESG/IAB organizational issues, you
could propose something?
I fear I've stirred the fire more than I should have.
Mike
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f84NQ5a02757 for ietf-pkix-bks; Tue, 4 Sep 2001 16:26:05 -0700 (PDT)
Received: from geos.coastside.net (geos.coastside.net [207.213.212.4]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84NQ4D02753 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 16:26:04 -0700 (PDT)
Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by geos.coastside.net (8.11.0/8.11.3) with SMTP id f84NQ1H12445; Tue, 4 Sep 2001 16:26:01 -0700 (PDT)
From: "Michael Myers" <myers@coastside.net>
To: "Bob Jueneman" <bjueneman@novell.com>
Cc: <ietf-pkix@imc.org>
Subject: RE: charter revisions
Date: Tue, 4 Sep 2001 16:24:42 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDMEJJCEAA.myers@coastside.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
In-Reply-To: <sb9502a1.083@prv-mail20.provo.novell.com>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Bob,
I read through this but remain firm in my opinion that upon resolution of
the DPV/DPD issues, the working group has achieved its original engineering
mission. Others may disagree. This is just one vote.
Further, of course there remains vast battlefields of market share. But
such issues I feel are better addressed in fora more appropriate to open
discussion of business interests given the sound technical platform PKIX has
defined (modulo resolution of DPV/DPD).
I'm more pleased to read of your support for Dave's efforts. I'm assuming
as I write this that that design hasn't changed in fundamental substance
since I was last involved in its definition. Perhaps Dave, John Pawling,
Russ or somebody could confirm my assumptions?
Minimally, I think it would be useful in the long run to have that work
documented as an Informational but perhaps that reach exceeds its grasp.
Mike
Michael Myers
t: +415.819.1362
e: mailto:mike@traceroutesecurity.com
w: http://www.traceroutesecurity.com
> -----Original Message-----
> From: Bob Jueneman [mailto:bjueneman@novell.com]
> Sent: Tuesday, September 04, 2001 3:36 PM
> To: myers@coastside.net
> Cc: ietf-pkix@imc.org
> Subject: RE: charter revisions
>
>
> Michael,
>
> Certainly you and I, and Russ, and a handful of Steves, and
> countless others, have been involved in this WG for so long that
> it sometimes feels like it was our life's mission.
>
> However, I think it might be a bit premature to suggest that PKIX
> be disbanded when there is relatively scant evidence (outside of
> SSL) that even the most basic goals of PKI have been achieved
> with anything close to ubiquity. To the contrary, lots of people
> are suggesting that "PKI is dead", without, of course, having an
> alternative suggestion ¯ except perhaps to throw the buggers out
> and have a new team start all over, this time presumably encoding
> everything in XML.
>
> (There might even be some merit in the "throw the buggers out"
> school of thought, for if we aren't part of the solution, perhaps
> we are part of the problem. I don't think so ¯ I would prefer to
> think that we were just ahead of our time. Some of us, of course,
> may be a little more ahead of our time than others. :-) And I'm
> sure we all have our own personal list of those features we would
> most like to see added, and if push came to shove, which ones we
> never cared about in the first place. Speaking only personally,
> I crossed that point a long time ago with respect to DPV/DPD,
> TSP, certain forms of cross-certification, and some other things
> that I probably don't understand well enough to care much about,
> and happily so.)
>
> But although I might question the wisdom of continuing to
> proliferate this, that, and the other option during the technical
> discussion, I wouldn't try to invoke cloture before the debate
> had even started.
>
> I wouldn't go quite as far as Patrick Henry's "I disagree with
> what you say, but will defend to the death your right to say it",
> but I don't think that we need to have that discussion as part of
> the charter. That seems to be putting the cart before the horse.
> Instead, we should allow those who espouse the idea to work up an
> RFC and submit it, and if a rough consensus emerges, so be it.
> If not, the idea may languish forever as an experimental RFC, or
> it may go nowhere at all, with little harm done. And some
> careful consideration might prevent someone from going off and
> offering something really dumb as a proprietary solution.
>
> As far as Dave Fillingham's ideas regarding clearances and other
> privileges are concerned, I absolutely agree with the basic
> thought, and would be more than willing to contribute a number of
> ideas of my own in that arena. If as alleged the PKI "movement"
> has been less than successful, it is arguably because we have
> concentrated far too much on identity, and trying to implement
> the world's finest system of identity-based nonrepudiation, while
> almost completely ignoring the basic concept of trust,
> particularly as regards the end user.
>
> No one cares much whether my name is Robert, Bob, or Beelzebub.
> What they really want to know is what I am allowed to DO, and
> whether there is enough money in my account to pay for it, and
> who says so. Attribute certificates don't begin to really solve
> that problem, IMHO, for a host of reasons I won't get into.
>
> So should we simply that we're tired, throw up our hands, and go
> fishing, i.e., leave it to the XACML crowd to try it get right?
> I hope not.
>
> A friend recently characterized their apartment complex as being
> made up of the "newly wed, and nearly dead". This WG may be
> nearer the second than the first, but I don't think it is time to
> call for the Last Rights quite yet.
>
> Bob
>
> >>> "Michael Myers" <myers@coastside.net> 09/04/01 03:33PM >>>
> Bob,
>
> Ignoring for a moment the durability of the IPSEC WG, as an IETF WG, PKIX
> must eventually close. Of course, it's the chairs' call as to
> that precise
> timing but towards those considerations, I join those who say
> that the value
> added by addressing logotypes (and concomitantly extending the
> charter) does
> not warrant the energy required to fully address the requirements,
> particularly when placed in the context of the WG's predictable closure.
>
> At some point, we should declare victory and go fishing. In my opinion,
> that state is most clearly signaled by closure of the DPV/DPD issues.
> Beyond that, I look forward to various other fora to step forward.
> Basically, move the feast.
>
> In my individual opinion as a WG participant, logotypes are no more
> technically fundamental to PKIX's mission than, say, the use of Subject
> Directory Attributes to convey clearance constraints. In fact, if someone
> were to put the two on equal terms and call for a vote, I'd go for the
> latter. What Dave Fillingham et. al. put together deserves far broader
> exposure than it's received to date. My sense is that such considerations
> would have longer-reaching impact than logotypes.
>
> But that's just my opinion. I could be wrong.
>
> Mike
>
>
> Michael Myers
> t: +415.819.1362
> e: mailto:mike@traceroutesecurity.com
> w: http://www.traceroutesecurity.com
>
> > -----Original Message-----
> > From: Bob Jueneman [mailto:bjueneman@novell.com]
> > Sent: Tuesday, September 04, 2001 1:11 PM
> >
> > . . . is there any evidence that the WG is running out of energy?
>
>
Received: by above.proper.com (8.11.6/8.11.3) id f84NICI02648 for ietf-pkix-bks; Tue, 4 Sep 2001 16:18:12 -0700 (PDT)
Received: from smtp018.mail.yahoo.com (smtp018.mail.yahoo.com [216.136.174.115]) by above.proper.com (8.11.6/8.11.3) with SMTP id f84NIAD02644 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 16:18:10 -0700 (PDT)
Received: from c1157592-b.skokie1.il.home.com (HELO rpca) (65.3.237.109) by smtp.mail.vip.sc5.yahoo.com with SMTP; 4 Sep 2001 23:17:53 -0000
X-Apparently-From: <kladhan1@yahoo.com>
From: "Karim Ladhani" <kladhan1@yahoo.com>
To: "Simonato Carolina" <carolina.simonato@infocamere.it>, "IETF-PKIX" <ietf-pkix@imc.org>
Subject: RE: Question: who signs a CRL if the CAcertificate, that signs it, is immediately revoked?
Date: Tue, 4 Sep 2001 18:15:39 -0500
Message-ID: <NFBBJFJFNKECIBAEBADPCEEMCBAA.kladhan1@yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
In-Reply-To: <3B94F64F.77379910@infocamere.it>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Carolina,
Typically in a PKI the Root CA has multiple key pairs and their key usages
are split up (certificate signing,CRL signing,etc). So in the event that the
certificate signing key is compromised, it would still be able to sign the
CRL since it would use a different pair of keys to do so.
Karim Ladhani
-----Original Message-----
From: owner-ietf-pkix@mail.imc.org
[mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Simonato Carolina
Sent: Tuesday, September 04, 2001 10:42 AM
To: IETF-PKIX
Subject: Question: who signs a CRL if the CAcertificate, that signs it,
is immediately revoked?
Hello all!
Suppose a simple situation in which a certificate chain is constituted
only by two certificates: a trusted (by some important authority) root
certificate (self-signed) and an end-entity certificate, signed by that
root certificate.
The same root certificate also signs the certificate revocation list (a
unique crl that contains all revoked certificates- for all reasons).
The problem is: who signs the crl when the root certificate is
immediately revoked, because of, for example, cacompromise?
Probably it is necessary to create a new couple of keys (and so a new
root certificate) and sign the crl with the new ca private key?
Or is it possible to create a couple of CA keys to sign only
certificate revocation list and not to make provision for revoking this
last ca root certificate?
I would like to riceive suggestions about this topic.
Thank you in advance.
regards
Carolina
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f84MYqc01796 for ietf-pkix-bks; Tue, 4 Sep 2001 15:34:52 -0700 (PDT)
Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84MYnD01792 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 15:34:49 -0700 (PDT)
Received: from INET-PRV-MTA by prv-mail20.provo.novell.com with Novell_GroupWise; Tue, 04 Sep 2001 16:34:41 -0600
Message-Id: <sb9502a1.085@prv-mail20.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 6.0
Date: Tue, 04 Sep 2001 16:35:57 -0600
From: "Bob Jueneman" <bjueneman@novell.com>
To: <myers@coastside.net>
Cc: <ietf-pkix@imc.org>
Subject: RE: charter revisions
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-7
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id f84MYpD01793
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Michael,
Certainly you and I, and Russ, and a handful of Steves, and countless others, have been involved in this WG for so long that it sometimes feels like it was our life's mission.
However, I think it might be a bit premature to suggest that PKIX be disbanded when there is relatively scant evidence (outside of SSL) that even the most basic goals of PKI have been achieved with anything close to ubiquity. To the contrary, lots of people are suggesting that "PKI is dead", without, of course, having an alternative suggestion ¯ except perhaps to throw the buggers out and have a new team start all over, this time presumably encoding everything in XML.
(There might even be some merit in the "throw the buggers out" school of thought, for if we aren't part of the solution, perhaps we are part of the problem. I don't think so ¯ I would prefer to think that we were just ahead of our time. Some of us, of course, may be a little more ahead of our time than others. :-) And I'm sure we all have our own personal list of those features we would most like to see added, and if push came to shove, which ones we never cared about in the first place. Speaking only personally, I crossed that point a long time ago with respect to DPV/DPD, TSP, certain forms of cross-certification, and some other things that I probably don't understand well enough to care much about, and happily so.)
But although I might question the wisdom of continuing to proliferate this, that, and the other option during the technical discussion, I wouldn't try to invoke cloture before the debate had even started.
I wouldn't go quite as far as Patrick Henry's "I disagree with what you say, but will defend to the death your right to say it", but I don't think that we need to have that discussion as part of the charter. That seems to be putting the cart before the horse. Instead, we should allow those who espouse the idea to work up an RFC and submit it, and if a rough consensus emerges, so be it. If not, the idea may languish forever as an experimental RFC, or it may go nowhere at all, with little harm done. And some careful consideration might prevent someone from going off and offering something really dumb as a proprietary solution.
As far as Dave Fillingham's ideas regarding clearances and other privileges are concerned, I absolutely agree with the basic thought, and would be more than willing to contribute a number of ideas of my own in that arena. If as alleged the PKI "movement" has been less than successful, it is arguably because we have concentrated far too much on identity, and trying to implement the world's finest system of identity-based nonrepudiation, while almost completely ignoring the basic concept of trust, particularly as regards the end user.
No one cares much whether my name is Robert, Bob, or Beelzebub. What they really want to know is what I am allowed to DO, and whether there is enough money in my account to pay for it, and who says so. Attribute certificates don't begin to really solve that problem, IMHO, for a host of reasons I won't get into.
So should we simply that we're tired, throw up our hands, and go fishing, i.e., leave it to the XACML crowd to try it get right? I hope not.
A friend recently characterized their apartment complex as being made up of the "newly wed, and nearly dead". This WG may be nearer the second than the first, but I don't think it is time to call for the Last Rights quite yet.
Bob
>>> "Michael Myers" <myers@coastside.net> 09/04/01 03:33PM >>>
Bob,
Ignoring for a moment the durability of the IPSEC WG, as an IETF WG, PKIX
must eventually close. Of course, it's the chairs' call as to that precise
timing but towards those considerations, I join those who say that the value
added by addressing logotypes (and concomitantly extending the charter) does
not warrant the energy required to fully address the requirements,
particularly when placed in the context of the WG's predictable closure.
At some point, we should declare victory and go fishing. In my opinion,
that state is most clearly signaled by closure of the DPV/DPD issues.
Beyond that, I look forward to various other fora to step forward.
Basically, move the feast.
In my individual opinion as a WG participant, logotypes are no more
technically fundamental to PKIX's mission than, say, the use of Subject
Directory Attributes to convey clearance constraints. In fact, if someone
were to put the two on equal terms and call for a vote, I'd go for the
latter. What Dave Fillingham et. al. put together deserves far broader
exposure than it's received to date. My sense is that such considerations
would have longer-reaching impact than logotypes.
But that's just my opinion. I could be wrong.
Mike
Michael Myers
t: +415.819.1362
e: mailto:mike@traceroutesecurity.com
w: http://www.traceroutesecurity.com
> -----Original Message-----
> From: Bob Jueneman [mailto:bjueneman@novell.com]
> Sent: Tuesday, September 04, 2001 1:11 PM
>
> . . . is there any evidence that the WG is running out of energy?
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f84LZD900860 for ietf-pkix-bks; Tue, 4 Sep 2001 14:35:13 -0700 (PDT)
Received: from geos.coastside.net (geos.coastside.net [207.213.212.4]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84LZCD00856 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 14:35:12 -0700 (PDT)
Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by geos.coastside.net (8.11.0/8.11.3) with SMTP id f84LZDH00768; Tue, 4 Sep 2001 14:35:13 -0700 (PDT)
From: "Michael Myers" <myers@coastside.net>
To: "Bob Jueneman" <bjueneman@novell.com>
Cc: <ietf-pkix@imc.org>
Subject: RE: charter revisions
Date: Tue, 4 Sep 2001 14:33:55 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDGEJFCEAA.myers@coastside.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <sb94e051.031@prv-mail20.provo.novell.com>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Bob,
Ignoring for a moment the durability of the IPSEC WG, as an IETF WG, PKIX
must eventually close. Of course, it's the chairs' call as to that precise
timing but towards those considerations, I join those who say that the value
added by addressing logotypes (and concomitantly extending the charter) does
not warrant the energy required to fully address the requirements,
particularly when placed in the context of the WG's predictable closure.
At some point, we should declare victory and go fishing. In my opinion,
that state is most clearly signaled by closure of the DPV/DPD issues.
Beyond that, I look forward to various other fora to step forward.
Basically, move the feast.
In my individual opinion as a WG participant, logotypes are no more
technically fundamental to PKIX's mission than, say, the use of Subject
Directory Attributes to convey clearance constraints. In fact, if someone
were to put the two on equal terms and call for a vote, I'd go for the
latter. What Dave Fillingham et. al. put together deserves far broader
exposure than it's received to date. My sense is that such considerations
would have longer-reaching impact than logotypes.
But that's just my opinion. I could be wrong.
Mike
Michael Myers
t: +415.819.1362
e: mailto:mike@traceroutesecurity.com
w: http://www.traceroutesecurity.com
> -----Original Message-----
> From: Bob Jueneman [mailto:bjueneman@novell.com]
> Sent: Tuesday, September 04, 2001 1:11 PM
>
> . . . is there any evidence that the WG is running out of energy?
Received: by above.proper.com (8.11.6/8.11.3) id f84LBWN00410 for ietf-pkix-bks; Tue, 4 Sep 2001 14:11:32 -0700 (PDT)
Received: from [165.227.249.20] (ip20.proper.com [165.227.249.20]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84LBTD00403 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 14:11:29 -0700 (PDT)
Mime-Version: 1.0
X-Sender: phoffman@mail.imc.org
Message-Id: <p05100327b7baf1ca610b@[165.227.249.20]>
In-Reply-To: <3B94FA41.47317BB8@sun.com>
References: <p0501040bb7a8214adf35@[128.33.84.34]> <5.0.1.4.2.20010830132055.02c12600@exna07.securitydynamics.com> <3B94FA41.47317BB8@sun.com>
Date: Tue, 4 Sep 2001 14:11:23 -0700
To: ietf-pkix@imc.org
From: Paul Hoffman / IMC <phoffman@imc.org>
Subject: Re: charter revisions
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
At 11:58 AM -0400 9/4/01, Steve Hanna wrote:
>Unless the author of the Internet Draft indicates otherwise, I will
>assume that the primary purpose of putting logotypes in certificates
>is so that users can view them to make decisions about whether the
>certificates are trustworthy. In that case, the risks are much greater
>than those for the use case you described.
Are the risks any greater than what we have in 2459 now with spelling
errors or things like "FooCA type 1 certificate" vs. "FooCA type 2
certificate"? I agree with Russ that the benefits are higher, but I'm
not at all convinced that the risks are higher.
>Unless we can develop a fairly secure way to meet the "marketing
>requirement" for logotypes in certificates, I would say that it is
>our obligation as an IETF working group to NOT accept this as a
>work item. Much better to have multiple incompatible ways
>to do something insecure (probably resulting in little deployment
>of this feature) than to have the PKIX working group issue an RFC
>explaining the one true way to do it. We are in the Security area,
>after all!
The end of that paragraph doesn't follow from the beginning of the
paragraph. As long as the method we described doesn't have any
security holes, it doesn't matter if we meet some pre-existing
marketing "need". Further, some of the multiple, non-interoperable
protocols are likely to have security problems; that is worse than
having one protocol that doesn't meet the need of some CAs.
At 10:34 AM -0700 9/4/01, Michael Myers wrote:
>I agree with Stephen Farrell and Steve Hanna that logotypes are out of
>scope.
They are out of scope; the discussion is whether to add them to the scope.
> These needs are better addressed by other forums.
Such as...?
> Let's focus the
>WG's remaining energy on resolving DPV/DPD issues.
The current charter has much more than that already. The "focus" on
DPV/DPD is already so fuzzy that it is probably just wishful to hope
for much more.
--Paul Hoffman, Director
--Internet Mail Consortium
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f84K8Ol27432 for ietf-pkix-bks; Tue, 4 Sep 2001 13:08:24 -0700 (PDT)
Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84K8MD27082 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 13:08:22 -0700 (PDT)
Received: from INET-PRV-MTA by prv-mail20.provo.novell.com with Novell_GroupWise; Tue, 04 Sep 2001 14:08:17 -0600
Message-Id: <sb94e051.032@prv-mail20.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 6.0
Date: Tue, 04 Sep 2001 14:10:40 -0600
From: "Bob Jueneman" <bjueneman@novell.com>
To: <myers@coastside.net>
Cc: <ietf-pkix@imc.org>
Subject: RE: charter revisions
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-7
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id f84K8MD27171
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Hi, Michael,
I realize that this summer has seen some rolling blackouts, particularly on the west coast, but is there any evidence that the WG is running out of energy? If so, is there any evidence that DPV/DPD is more deserving of those last few dying breaths than anything else? :-)
I'd like to make one observation ¯ that most of the comments about the security of logos, the ability to enforce their legal usage, the difficulty of cross-certifying them, etc., apply primarily to the use of PUBLIC CAs, a la VeriSign, etc.
But without naysaying their use in such a context, I think there is also a significant potential use for branding in the case of closed PKI communities, such as certificates issued by American Express or Visa to their merchants, if not to their customers. And the local Board of Realtors may wish to hand out logos to the individual Realtors(tm), even if the certificates are issued by VeriSign. And maybe the Masons, and the Elk, and Mary Kay, and maybe the Democrats and the NRA would want to get in on the act as well, to give their members sort of a "vanity plate" certificate. And who is to say no, especially if someone could finally make some money in the business?
In fact, one possible compromise ¯ one that I am neither advocating nor deprecating, merely pointing out ¯ would be to restrict the use of logos to end-entity certificates, whereupon most of he issues of cross-certification, name subordination, etc., go away immediately.
There is still the possibility that a CA violates the logo trademark and hands it out to someone without authorization, but any CA I know of has more than enough lawyers to realize the consequences of trademark infringement, so I don't think we need to worry about that.
Bob
>>> "Michael Myers" <myers@coastside.net> 09/04/01 11:34AM >>>
All,
I agree with Stephen Farrell and Steve Hanna that logotypes are out of
scope. These needs are better addressed by other forums. Let's focus the
WG's remaining energy on resolving DPV/DPD issues.
Mike
> On Thursday, August 30, 2001 2:35 AM Stephen Farrell wrote in part:
> . . .
> Steve (K),
>
> I'd have to agree with Steve H, though maybe not as strongly.
> My suggestion would be to limit the additional items to the
> dpd/dpv.
> On Wednesday, August 29, 2001 2:01 PM Steve Hanna wrote in part:
>
> . . . I don't think PKIX should do any work on the
> logotype extension. I know that there is a demand for this from
> marketing folks, but I don't believe that we should standardize it
> unless it can be used securely. This does not seem possible.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f84K0YM17176 for ietf-pkix-bks; Tue, 4 Sep 2001 13:00:34 -0700 (PDT)
Received: from patan.sun.com (patan.Sun.COM [192.18.98.43]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84K0WD17012 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 13:00:32 -0700 (PDT)
Received: from sunlabs.East.Sun.COM ([129.148.75.250]) by patan.sun.com (8.9.3+Sun/8.9.3) with ESMTP id OAA26609; Tue, 4 Sep 2001 14:00:30 -0600 (MDT)
Received: from sun.com (dhcp75-167 [129.148.75.167]) by sunlabs.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id QAA01119; Tue, 4 Sep 2001 16:00:31 -0400 (EDT)
Message-ID: <3B9532CC.EF74B9E8@sun.com>
Date: Tue, 04 Sep 2001 16:00:12 -0400
From: Steve Hanna <steve.hanna@sun.com>
Organization: Sun Microsystems, Inc.
X-Mailer: Mozilla 4.75 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Stephen Kent <kent@bbn.com>
CC: ietf-pkix@imc.org
Subject: Re: charter revisions
References: <p0501040bb7a8214adf35@[128.33.84.34]> <3B8D57EF.70505C80@sun.com> <p0501040ab7b458549900@[128.33.238.96]> <3B94FA2E.6472B276@sun.com> <p05010403b7bab9e15dcc@[128.33.84.34]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Stephen Kent wrote:
> The same name may be used for products or by organizations in
> different "areas" if there is a belief that no confusion will result.
> However, a trademark, in its graphic form, is also a copyrighted image
> and as such is subject to a different set of legal rules that
> generally prohibit outright duplication. The legal challenges arise
> when two logos seem too similar to one another, in the eyes of one of
> the logo holders, and this is when courts step in and adjudicate the
> dispute. Nonetheless, this discussion does not argue against the
> ability of a CA to make a judgement about the legitimacy of a
> subject's claim to the right to use a trademarked logo. Perahps the
> point you're making above is that logos may not be as uniquely helpful
> in identifying an organization because of the possibility of similar
> logos being used by entities in different areas. That's a fair
> critique, but in a different dimension.
I don't think copyright would help much if two companies had trademarks
in different countries for a logo that looks like a red circle. But
IANAL, so I will abandon that line of argument. Maybe the international
copyright and trademark system is strong enough to ensure that the same
logo cannot be registered by two different entities in different
countries, even if one of those entities is a sham operated by criminals
for the purpose of impersonating the other.
You do make a good point that two logos different enough to be legally
distinct may not be distinguishable to the average user. It's also true
that users may not remember the logo associated with a particular
company. Visa, yes. But maybe not Schwab.
> > Do we know of any CAs that want to include logotypes in certificates
> > that they issue, plan to verify those logotypes, and would be
> > willing to
> > provide some sort of assurances to back that up in their CPS's?
>
> Stefan represents one such CA service provider.
Really? I haven't heard Stefan say anything about how AddTrust would
verify logotypes or what assurances his company would provide in this
regard. Maybe he told you this in private conversation.
> I would prefer to find a way to impose some form of constraint on
> the appearance of logos analogous to what we do in cross certs for names
> or policies. because a logo is not structured, the name constraints
> mechanism can never be used in so precise a fashion, even if we choose
> to put a logo in some name form. but, it would be nice to have a way
> to prevent a CA further down a cross-cert chain from introducing a
> logo if one wants to prevent such action. Just because we don't have a
> mechanism to do this yet doesn't mean we can't work toward one.
This would mean that all existing cross-certificates would allow
logotypes in certificates. It might be better to say that certificate
containing a logotype should not be validated (or, at least, the
logotype should be ignored) unless all preceding certificates in the
path have an extension that says logotypes are allowed.
> > > >Third, an apparently innocuous logotype can change appearance
> > radically
> > > >when scaled to a smaller size or mapped to a different number of
> > colors.
> > > >This can be exploited to deceive cell phone users into thinking
> > that
> > > >they're communicating with their bank, for instance.
> > >
> > > I had not considered this issue. we should explore ways that this
> > > problem might be avoided. presumably anyone displaying a logo on a
> > > web page has a similar concern, so maybe there are viable means to
> > > address this issue.
> >
> > The problem with displaying a logo on a web page is different
> > (unless I
> > didn't understand you). With a logo in a certificate, we want to
> > make
> > sure that the person requesting the certificate doesn't trademark a
> > bogus logo and get it included in their certificate just so they can
> > trick a user who sees a scaled-down version of the logo into
> > believing
> > it's a trusted logo. The closest analogy is getting a web server
> > certificate for paypa1.com (where the letter ell is actually a
> > number
> > one). If you can get the user to click on an https://www.paypa1.com
> > URL,
> > the user will think they are viewing a secure paypal website if the
> > font
> > they use to view URLs displays ell and one the same way.
> >
> > When viewing a logo on a web page, the user should not make
> > decisions
> > about whose web page it is based on the logo. Instead, we have been
> > trying to convince them to look at the host name in the URL and
> > check
> > that the padlock or key is lit up to indicate that an SSL connection
> > is
>
> > in use.
>
> The reality is that logos on web pages are designed to inspire
> confidence in users based on visiting the web page, period. Yes,
> someone can put up a similar logo to try to fool people, or even put
> up the valid logo without the permission of the logo owner. We rely on
> the legal system to detect and remedy these problems, ex post facto.
> That's not as good as preventing them, but many folks argue that it is
> better than not offering a logo-based marking facility. When it comes
> to putting logos in certs, we have a better mechanism in many cases,
> since the binding is secured and there are fewer CAs than there are
> web sites.
Just seeing a logo on a web page doesn't inspire much confidence in me.
Yes, the logo owner will probably pursue those who misuse the logo. But
the Internet is a rough place. The miscreants may skip town with no
forwarding address and I (the user) will be very sad if I gave them my
brokerage account password and they emptied the account.
That's why we have HTTPS. The end user notices that the padlock or key
is lit up and decides that the host name in the URL is OK, so they enter
their brokerage account password. If we change this so that the user is
deciding that a *logo* is OK, I want to make sure the binding between
the logotype and the public key is secure and that the logotype that
appears in the certificate is properly displayed to the user.
But this is completely pedantic. The original issue was that a logo can
change appearance when it's scaled or mapped to different colors. A pink
circle is different from a green circle for trademark and copyright
purposes. But how do you distinguish them when they're displayed on a
black and white screen? I don't think that web page technology has any
magic bullets in this area. And what about blind users? With URLs, they
can have their screen-reader read the URL back to them. Graphics will be
completely inaccessible.
-Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f84JtV012534 for ietf-pkix-bks; Tue, 4 Sep 2001 12:55:31 -0700 (PDT)
Received: from zolera.com (IDENT:root@[63.142.188.177]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84JtSD12264 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 12:55:28 -0700 (PDT)
Received: from zolera.com (os390.zolera.com [10.0.1.9]) by zolera.com (8.11.0/8.11.0) with ESMTP id f84JtYB28778; Tue, 4 Sep 2001 15:55:35 -0400
Message-ID: <3B9531B8.8A723AD5@zolera.com>
Date: Tue, 04 Sep 2001 15:55:36 -0400
From: Rich Salz <rsalz@zolera.com>
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3-12 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Michael Myers <myers@coastside.net>
CC: Stephen Kent <kent@bbn.com>, ietf-pkix@imc.org
Subject: Re: charter revisions
References: <EOEGJNFMMIBDKGFONJJDAEIMCEAA.myers@coastside.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Is the CA processing for adding a logo extension any different from
adding any other extension? I don't see how/why.
Can't this work item be accomplished just by an RFC that assigns OID's
to some popular image formats?
/r$
--
Zolera Systems, Your Key to Online Integrity
Securing Web services: XML, SOAP, Dig-sig, Encryption
http://www.zolera.com
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f84HdcG22971 for ietf-pkix-bks; Tue, 4 Sep 2001 10:39:38 -0700 (PDT)
Received: from geos.coastside.net (geos.coastside.net [207.213.212.4]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84HdbD22967 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 10:39:37 -0700 (PDT)
Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by geos.coastside.net (8.11.0/8.11.3) with SMTP id f84HZSH06802; Tue, 4 Sep 2001 10:35:28 -0700 (PDT)
From: "Michael Myers" <myers@coastside.net>
To: <stephen.farrell@baltimore.ie>, "Stephen Kent" <kent@bbn.com>
Cc: "Steve Hanna" <steve.hanna@sun.com>, <ietf-pkix@imc.org>
Subject: RE: charter revisions
Date: Tue, 4 Sep 2001 10:34:10 -0700
Message-ID: <EOEGJNFMMIBDKGFONJJDAEIMCEAA.myers@coastside.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
In-Reply-To: <3B8E08CA.5C1F2AF1@baltimore.ie>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
All,
I agree with Stephen Farrell and Steve Hanna that logotypes are out of
scope. These needs are better addressed by other forums. Let's focus the
WG's remaining energy on resolving DPV/DPD issues.
Mike
> On Thursday, August 30, 2001 2:35 AM Stephen Farrell wrote in part:
> . . .
> Steve (K),
>
> I'd have to agree with Steve H, though maybe not as strongly.
> My suggestion would be to limit the additional items to the
> dpd/dpv.
> On Wednesday, August 29, 2001 2:01 PM Steve Hanna wrote in part:
>
> . . . I don't think PKIX should do any work on the
> logotype extension. I know that there is a demand for this from
> marketing folks, but I don't believe that we should standardize it
> unless it can be used securely. This does not seem possible.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f84HYSf22756 for ietf-pkix-bks; Tue, 4 Sep 2001 10:34:28 -0700 (PDT)
Received: from gto-mailer1.bbn.com (cam-mailer1.bbn.com [128.33.0.36]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84HYLD22752 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 10:34:22 -0700 (PDT)
Received: from [128.33.84.34] (comsec.bbn.com [128.33.84.34]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with ESMTP id NAA29280; Tue, 4 Sep 2001 13:35:55 -0400 (EDT)
Mime-Version: 1.0
X-Sender: kent@po1.bbn.com
Message-Id: <p05010405b7babf0191e9@[128.33.84.34]>
In-Reply-To: <3B950772.7E6910EE@bull.net>
References: <p0501040bb7a8214adf35@[128.33.84.34]> <5.0.1.4.2.20010830132055.02c12600@exna07.securitydynamics.com> <3B94FA41.47317BB8@sun.com> <3B950772.7E6910EE@bull.net>
Date: Tue, 4 Sep 2001 13:28:09 -0400
To: Denis Pinkas <Denis.Pinkas@bull.net>
From: Stephen Kent <kent@bbn.com>
Subject: Re: charter revisions (2)
Cc: Steve Hanna <steve.hanna@sun.com>, "Housley, Russ" <rhousley@rsasecurity.com>, ietf-pkix@imc.org
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
At 6:55 PM +0200 9/4/01, Denis Pinkas wrote:
>Steve,
>
>I have much sympathy with your position. During the London meeting
>I expressed reservations (not to say more) about this idea.
>
>I have a major problem with the wording below:
>
>"Not all of these items may become standards track RFCs. Some may become
>INFORMATIONAL or EXPERIMENTAL RFCs."
>
>It implicity means that the document will either become a STANDARD, an
>INFORMATIONAL or an EXPERIMENTAL RFCs, while the logo type document could
>never turn out into an RFC at all, because several member of the WG have
>expressed reservations.
>
>ISO has the concept of a "study period" where ideas can be debated before a
>NWI is placed on the menu. We don't have officially this equivalent.
>However, in that case, it would be wise to adopt a similar approach:
>it seems too early to include the logo type proposal on the charter, at
>least using the current wording mentionned above.
>
>However, it also seems difficult to refuse any discussion on that topic,
>even if, for some of us, it will be a waste of our time to argue on the
>advantages and disadvantages of the proposal.
>
>So I propose the following compromise: to allow for the discussion on that
>topic on the mailing list, without for the time being any commitment from
>the WG that the proposal will ever become a STANDARD, an INFORMATIONAL or an
>EXPERIMENTAL RFC.
>
>Denis
I know that I was not the "Steve" to whom the message was addressed,
but since Tim and I drafted the revised charter I will reply anyway.
We could reword the charter to not require that the new work items
yield an RFC, i.e., one of more of the proposed items may fail to
make it as an RFC. However, because publication as an Informational
RFC is generally an easy thing to do, absent a strong negative
reactions by a WG, I think it likely that all of the items cited have
a very good opportunity to become RFCs in one of the 3 forms noted.
Steve
Received: by above.proper.com (8.11.6/8.11.3) id f84HOX922559 for ietf-pkix-bks; Tue, 4 Sep 2001 10:24:33 -0700 (PDT)
Received: from gto-mailer1.bbn.com (cam-mailer1.bbn.com [128.33.0.36]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84HOVD22555 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 10:24:31 -0700 (PDT)
Received: from [128.33.84.34] (comsec.bbn.com [128.33.84.34]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with ESMTP id NAA27389; Tue, 4 Sep 2001 13:26:36 -0400 (EDT)
Mime-Version: 1.0
X-Sender: kent@po1.bbn.com
Message-Id: <p05010404b7babe9a79ed@[128.33.84.34]>
In-Reply-To: <3B950681.9355D577@bull.net>
References: <p0501040bb7a8214adf35@[128.33.84.34]> <3B950681.9355D577@bull.net>
Date: Tue, 4 Sep 2001 13:24:45 -0400
To: Denis Pinkas <Denis.Pinkas@bull.net>
From: Stephen Kent <kent@bbn.com>
Subject: Re: charter revisions
Cc: ietf-pkix@imc.org
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
At 6:51 PM +0200 9/4/01, Denis Pinkas wrote:
>Steve,
>
>This is a very late answer, but I took some more vacations. :-)
>
>During the London meeting I presented some preliminary work about an
>INFORMATIONAL RFC on PKI Disaster Planning and Recovery and I realized that
>this is not included in the new charter.
Good point. We can include this topic if others support it's inclusion.
>
>I would think that the following time table could be appropriate:
>
> 3/04 PKI Disaster Planning and Recovery. INFORMATIONAL RFC.
OK, pending resolution of the above comment.
>
>Would it still be possible to add it to the list ?
Yes.
>
>I also found that 3/02 for DPV/DPD Protocols RFCs, may be a little bit
>optimistic. 3/04 would probably be more appropriate.
OK, I'll make that change.
Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f84HOOt22551 for ietf-pkix-bks; Tue, 4 Sep 2001 10:24:24 -0700 (PDT)
Received: from gto-mailer1.bbn.com (cam-mailer1.bbn.com [128.33.0.36]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84HOMD22543 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 10:24:22 -0700 (PDT)
Received: from [128.33.84.34] (comsec.bbn.com [128.33.84.34]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with ESMTP id NAA27381; Tue, 4 Sep 2001 13:26:35 -0400 (EDT)
Mime-Version: 1.0
X-Sender: kent@po1.bbn.com
Message-Id: <p05010403b7bab9e15dcc@[128.33.84.34]>
In-Reply-To: <3B94FA2E.6472B276@sun.com>
References: <p0501040bb7a8214adf35@[128.33.84.34]> <3B8D57EF.70505C80@sun.com> <p0501040ab7b458549900@[128.33.238.96]> <3B94FA2E.6472B276@sun.com>
Date: Tue, 4 Sep 2001 13:22:52 -0400
To: Steve Hanna <steve.hanna@sun.com>
From: Stephen Kent <kent@bbn.com>
Subject: Re: charter revisions
Cc: ietf-pkix@imc.org
Content-Type: multipart/alternative; boundary="============_-1212498106==_ma============"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
--============_-1212498106==_ma============
Content-Type: text/plain; charset="iso-8859-1" ; format="flowed"
Content-Transfer-Encoding: quoted-printable
At 11:58 AM -0400 9/4/01, Steve Hanna wrote:
>Stephen Kent wrote:
>> Just as a CA may employ various means to verify a subject's claim to
>> a name, a CA can employ analogous means to verify a subject's claim
>> to a logotype. In fact, this may be relatively easy to verify if the
>> logo is a registered trademark (something a CA could require via its
>> CPS).
>
>As Michael Str=F6der pointed out, this may not be easy for CAs. Requiring
>that a logo be a registered trademark doesn't mean that there won't be
>conflicts. A particular logo can be trademarked by different parties in
>different countries. In fact, it can sometimes be trademarked by
>different parties in the same country if there is little likelihood of
>confusion (as when the goods identified are very different). And it may
>be difficult for a CA to judge whether a particular image matches a
>registered trademark. Verifying someone's right to use a DNS name or
>email address is much easier.
The same name may be used for products or by organizations in
different "areas" if there is a belief that no confusion will result.
However, a trademark, in its graphic form, is also a copyrighted
image and as such is subject to a different set of legal rules that
generally prohibit outright duplication. The legal challenges arise
when two logos seem too similar to one another, in the eyes of one of
the logo holders, and this is when courts step in and adjudicate the
dispute. Nonetheless, this discussion does not argue against the
ability of a CA to make a judgement about the legitimacy of a
subject's claim to the right to use a trademarked logo. Perahps the
point you're making above is that logos may not be as uniquely
helpful in identifying an organization because of the possibility of
similar logos being used by entities in different areas. That's a
fair critique, but in a different dimension.
>Do we know of any CAs that want to include logotypes in certificates
>that they issue, plan to verify those logotypes, and would be willing to
>provide some sort of assurances to back that up in their CPS's?
Stefan represents one such CA service provider.
>If not, I will claim that including logotypes in certificates will have
>a negative effect on security. Some CAs will be glad to charge extra to
>include a logotype, but if the CA does not verify the logotype and
>disclaims all responsibility for the correctness of the logotype, then
>what's the point? The user will be misled into believing that the
>logotypes have some security significance.
PKIX has long adopted the position that a CA should not include data
in certs that the CA does not verify, even though this is not a
universally agreed upon position. The same philosophy could apply
here.
>Certainly, CAs are welcome to include anything they want in their
>certificates. But we should not provide a PKIX blessing unless there is
>some security benefit.
See comments immediately above.
>
>> >Second, there's no equivalent to name constraints for use in cross
>> >certificates. If I cross certify someone, I just have to trust that the=
y
>> >(and anyone they certify) will only put proper logotypes into
>> >certificates.
>>
>> This has been my greatest concern as well, and I'd like to see a
>> better proposal on how to better control use of the extension.
>> Stefan rejected some approaches, and provided rationales for the
>> rejections, but that doesn't mean that we have to live with the
>> current proposal if the WG finds the inherent security problematic.
>
>Since the logotypes are to be used to identify issuers and subjects,
>I think we must develop a solution to this problem. Otherwise, a
>cross-certificate represents complete trust in the subject to
>certify anyone.
I would prefer to find a way to impose some form of constraint on the
appearance of logos analogous to what we do in cross certs for names
or policies. because a logo is not structured, the name constraints
mechanism can never be used in so precise a fashion, even if we
choose to put a logo in some name form. but, it would be nice to have
a way to prevent a CA further down a cross-cert chain from
introducing a logo if one wants to prevent such action. Just because
we don't have a mechanism to do this yet doesn't mean we can't work
toward one.
> > >Third, an apparently innocuous logotype can change appearance radicall=
y
>> >when scaled to a smaller size or mapped to a different number of colors=
=2E
>> >This can be exploited to deceive cell phone users into thinking that
>> >they're communicating with their bank, for instance.
>>
>> I had not considered this issue. we should explore ways that this
>> problem might be avoided. presumably anyone displaying a logo on a
>> web page has a similar concern, so maybe there are viable means to
>> address this issue.
>
>The problem with displaying a logo on a web page is different (unless I
>didn't understand you). With a logo in a certificate, we want to make
>sure that the person requesting the certificate doesn't trademark a
>bogus logo and get it included in their certificate just so they can
>trick a user who sees a scaled-down version of the logo into believing
>it's a trusted logo. The closest analogy is getting a web server
>certificate for paypa1.com (where the letter ell is actually a number
>one). If you can get the user to click on an https://www.paypa1.com URL,
>the user will think they are viewing a secure paypal website if the font
>they use to view URLs displays ell and one the same way.
>
>When viewing a logo on a web page, the user should not make decisions
>about whose web page it is based on the logo. Instead, we have been
>trying to convince them to look at the host name in the URL and check
>that the padlock or key is lit up to indicate that an SSL connection is
>in use.
The reality is that logos on web pages are designed to inspire
confidence in users based on visiting the web page, period. Yes,
someone can put up a similar logo to try to fool people, or even put
up the valid logo without the permission of the logo owner. We rely
on the legal system to detect and remedy these problems, ex post
facto. That's not as good as preventing them, but many folks argue
that it is better than not offering a logo-based marking facility.
When it comes to putting logos in certs, we have a better mechanism
in many cases, since the binding is secured and there are fewer CAs
than there are web sites.
>
>> >Unless these concerns can be addressed, I do not think that this
>> >proposal is safe and secure. And I do not think that the IETF should
>> >publish an RFC on a fundamentally insecure idea, especially from a
>> >security working group.
>>
>> The attribute RFC has some problems too, in that bad choices of how
>> to map an AC to a PKC can result in security failures, right? So,
>> the issue is not whether there are insecure ways to make use of the
>> extension, but whether there are ways to make its use secure and
>> whether, on the balance, we think appropriate use of the extension
>> is beneficial, from a security (not marketing) perspective.
>
>Agreed. If we believe that IETF standardization of this extension will
>be beneficial from a security perspective, then we should go ahead with
>it. Otherwise, we should not. I remain unconvinced.
>
>-Steve
>
>P.S. Note that I have no personal advantage (and, as far as I know, my
>employer has no corporate advantage) to gain by the adoption or failure
>of this particular proposal. My views are my own and don't represent the
>views of Sun Microsystems. I just want to see the working group spend
>its energies on worthwhile projects.
Same here.
Steve
--============_-1212498106==_ma============
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!doctype html public "-//W3C//DTD W3 HTML//EN">
<html><head><style type=3D"text/css"><!--
blockquote, dl, ul, ol, li { margin-top: 0 ; margin-bottom: 0 }
--></style><title>Re: charter revisions</title></head><body>
<div>At 11:58 AM -0400 9/4/01, Steve Hanna wrote:</div>
<blockquote type=3D"cite" cite>Stephen Kent wrote:<br>
> Just as a CA may employ various means to verify a subject's claim
to<br>
> a name, a CA can employ analogous means to verify a subject's
claim<br>
> to a logotype. In fact, this may be relatively easy to
verify if the<br>
> logo is a registered trademark (something a CA could require via
its<br>
> CPS).<br>
<br>
As Michael Str=F6der pointed out, this may not be easy for CAs.
Requiring<br>
that a logo be a registered trademark doesn't mean that there won't
be<br>
conflicts. A particular logo can be trademarked by different parties
in<br>
different countries. In fact, it can sometimes be trademarked by<br>
different parties in the same country if there is little likelihood
of<br>
confusion (as when the goods identified are very different). And it
may<br>
be difficult for a CA to judge whether a particular image matches
a<br>
registered trademark. Verifying someone's right to use a DNS name
or</blockquote>
<blockquote type=3D"cite" cite>email address is much
easier.</blockquote>
<div><br></div>
<div>The same<u> name</u> may be used for products or by organizations
in different "areas" if there is a belief that no confusion
will result. However, a trademark, in its graphic form, is also a
copyrighted image and as such is subject to a different set of legal
rules that generally prohibit outright duplication. The legal
challenges arise when two logos seem too similar to one another, in
the eyes of one of the logo holders, and this is when courts step in
and adjudicate the dispute. Nonetheless, this discussion does not
argue against the ability of a CA to make a judgement about the
legitimacy of a subject's claim to the right to use a trademarked
logo. Perahps the point you're making above is that logos may not be
as uniquely helpful in identifying an organization because of the
possibility of similar logos being used by entities in different
areas. That's a fair critique, but in a different dimension.</div>
<div><br></div>
<blockquote type=3D"cite" cite>Do we know of any CAs that want to
include logotypes in certificates<br>
that they issue, plan to verify those logotypes, and would be willing
to<br>
provide some sort of assurances to back that up in their
CPS's?</blockquote>
<div><br></div>
<div>Stefan represents one such CA service provider.</div>
<div><br></div>
<blockquote type=3D"cite" cite>If not, I will claim that including
logotypes in certificates will have<br>
a negative effect on security. Some CAs will be glad to charge extra
to<br>
include a logotype, but if the CA does not verify the logotype and<br>
disclaims all responsibility for the correctness of the logotype,
then<br>
what's the point? The user will be misled into believing that
the</blockquote>
<blockquote type=3D"cite" cite>logotypes have some security
significance.</blockquote>
<div><br></div>
<div>PKIX has long adopted the position that a CA should not include
data in certs that the CA does not verify, even though this is not a
universally agreed upon position. The same philosophy could
apply here.</div>
<div><br></div>
<blockquote type=3D"cite" cite>Certainly, CAs are welcome to include
anything they want in their<br>
certificates. But we should not provide a PKIX blessing unless there
is</blockquote>
<blockquote type=3D"cite" cite>some security benefit.</blockquote>
<div><br></div>
<div>See comments immediately above.</div>
<div><br></div>
<blockquote type=3D"cite" cite><br>
> >Second, there's no equivalent to name constraints for use in
cross<br>
> >certificates. If I cross certify someone, I just have to
trust that they<br>
> >(and anyone they certify) will only put proper logotypes
into<br>
> >certificates.<br>
><br>
> This has been my greatest concern as well, and I'd like to see
a<br>
> better proposal on how to better control use of the
extension.<br>
> Stefan rejected some approaches, and provided rationales for
the<br>
> rejections, but that doesn't mean that we have to live with
the<br>
> current proposal if the WG finds the inherent security
problematic.<br>
<br>
Since the logotypes are to be used to identify issuers and
subjects,<br>
I think we must develop a solution to this problem. Otherwise, a<br>
cross-certificate represents complete trust in the subject to<br>
certify anyone.</blockquote>
<div><br></div>
<div>I would prefer to find a way to impose some form of constraint on
the appearance of logos analogous to what we do in cross certs for
names or policies. because a logo is not structured, the name
constraints mechanism can never be used in so precise a fashion, even
if we choose to put a logo in some name form. but, it would be nice to
have a way to prevent a CA further down a cross-cert chain from
introducing a logo if one wants to prevent such action. Just because
we don't have a mechanism to do this yet doesn't mean we can't work
toward one.</div>
<div><br></div>
<blockquote type=3D"cite" cite>> >Third, an apparently innocuous
logotype can change appearance radically<br>
> >when scaled to a smaller size or mapped to a different number
of colors.<br>
> >This can be exploited to deceive cell phone users into
thinking that<br>
> >they're communicating with their bank, for instance.<br>
><br>
> I had not considered this issue. we should explore ways that
this<br>
> problem might be avoided. presumably anyone displaying a logo on
a<br>
> web page has a similar concern, so maybe there are viable means
to<br>
> address this issue.<br>
<br>
The problem with displaying a logo on a web page is different (unless
I<br>
didn't understand you). With a logo in a certificate, we want to
make<br>
sure that the person requesting the certificate doesn't trademark
a<br>
bogus logo and get it included in their certificate just so they
can<br>
trick a user who sees a scaled-down version of the logo into
believing<br>
it's a trusted logo. The closest analogy is getting a web server<br>
certificate for paypa1.com (where the letter ell is actually a
number<br>
one). If you can get the user to click on an https://www.paypa1.com
URL,<br>
the user will think they are viewing a secure paypal website if the
font<br>
they use to view URLs displays ell and one the same way.<br>
<br>
When viewing a logo on a web page, the user should not make
decisions<br>
about whose web page it is based on the logo. Instead, we have
been<br>
trying to convince them to look at the host name in the URL and
check<br>
that the padlock or key is lit up to indicate that an SSL connection
is</blockquote>
<blockquote type=3D"cite" cite>in use.</blockquote>
<div><br></div>
<div>The reality is that logos on web pages are designed to inspire
confidence in users based on visiting the web page, period. Yes,
someone can put up a similar logo to try to fool people, or even put
up the valid logo without the permission of the logo owner. We rely on
the legal system to detect and remedy these problems, ex post facto.
That's not as good as preventing them, but many folks argue that it is
better than not offering a logo-based marking facility. When it
comes to putting logos in certs, we have a better mechanism in many
cases, since the binding is secured and there are fewer CAs than there
are web sites.</div>
<div><br></div>
<blockquote type=3D"cite" cite><br>
> >Unless these concerns can be addressed, I do not think that
this<br>
> >proposal is safe and secure. And I do not think that the IETF
should<br>
> >publish an RFC on a fundamentally insecure idea, especially
from a<br>
> >security working group.<br>
><br>
> The attribute RFC has some problems too, in that bad choices of
how<br>
> to map an AC to a PKC can result in security failures, right?
So,<br>
> the issue is not whether there are insecure ways to make use of
the<br>
> extension, but whether there are ways to make its use secure
and<br>
> whether, on the balance, we think appropriate use of the
extension<br>
> is beneficial, from a security (not marketing) perspective.<br>
<br>
Agreed. If we believe that IETF standardization of this extension
will<br>
be beneficial from a security perspective, then we should go ahead
with<br>
it. Otherwise, we should not. I remain unconvinced.<br>
<br>
-Steve<br>
<br>
P.S. Note that I have no personal advantage (and, as far as I know,
my<br>
employer has no corporate advantage) to gain by the adoption or
failure<br>
of this particular proposal. My views are my own and don't represent
the<br>
views of Sun Microsystems. I just want to see the working group
spend<br>
its energies on worthwhile projects.</blockquote>
<div><br></div>
<div>Same here.</div>
<div><br></div>
<div>Steve</div>
</body>
</html>
--============_-1212498106==_ma============--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f84GtnC21870 for ietf-pkix-bks; Tue, 4 Sep 2001 09:55:49 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84GtlD21866 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 09:55:47 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id SAA61688; Tue, 4 Sep 2001 18:57:46 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id SAA15618; Tue, 4 Sep 2001 18:55:14 +0200
Message-ID: <3B950772.7E6910EE@bull.net>
Date: Tue, 04 Sep 2001 18:55:14 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: Steve Hanna <steve.hanna@sun.com>
CC: "Housley, Russ" <rhousley@rsasecurity.com>, Stephen Kent <kent@bbn.com>, ietf-pkix@imc.org
Subject: Re: charter revisions (2)
References: <p0501040bb7a8214adf35@[128.33.84.34]> <5.0.1.4.2.20010830132055.02c12600@exna07.securitydynamics.com> <3B94FA41.47317BB8@sun.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Steve,
I have much sympathy with your position. During the London meeting
I expressed reservations (not to say more) about this idea.
I have a major problem with the wording below:
"Not all of these items may become standards track RFCs. Some may become
INFORMATIONAL or EXPERIMENTAL RFCs."
It implicity means that the document will either become a STANDARD, an
INFORMATIONAL or an EXPERIMENTAL RFCs, while the logo type document could
never turn out into an RFC at all, because several member of the WG have
expressed reservations.
ISO has the concept of a "study period" where ideas can be debated before a
NWI is placed on the menu. We don't have officially this equivalent.
However, in that case, it would be wise to adopt a similar approach:
it seems too early to include the logo type proposal on the charter, at
least using the current wording mentionned above.
However, it also seems difficult to refuse any discussion on that topic,
even if, for some of us, it will be a waste of our time to argue on the
advantages and disadvantages of the proposal.
So I propose the following compromise: to allow for the discussion on that
topic on the mailing list, without for the time being any commitment from
the WG that the proposal will ever become a STANDARD, an INFORMATIONAL or an
EXPERIMENTAL RFC.
Denis
> > I do not think that we will see widespread deployment of
> > certificates without logos. One measure of success will be the
> > number of certificates that average Internet user have. Hopefully
> > every Internet user will have at least one. I suspect that as we
> > become successful, these logos will be the tag by which users
> > select a certificate.
>
> This is an interesting argument. I think you're saying that the user
> will find the logo useful when deciding which of his certificates to
> use (such as when signing an email or performing client authentication
> over SSL). If this were the primary use of logotypes in certificates,
> then the risks of displaying an invalid logo would be considerably
> reduced (the user might select the wrong one of his certificates to
> authenticate with). However, the current logotype Internet Draft does
> not describe this use case. All of the use cases described in section
> 1.1 of that document have the user looking at a logo to decide
> whether a certificate presented by some other party is trustworthy.
> In those cases, the risks of making an error are much greater.
>
> Unless the author of the Internet Draft indicates otherwise, I will
> assume that the primary purpose of putting logotypes in certificates
> is so that users can view them to make decisions about whether the
> certificates are trustworthy. In that case, the risks are much greater
> than those for the use case you described.
>
> > I do not want to see more than one way that logos can be put into
> > certificates. That is the most important reason for PKIX to be
> > involved in the definition. You seem to agree that the market has
> > a demand for logos. Letting each vendor devise an independent way
> > to meet this marketing requirement would be very bad for all
> > implementors.
>
> Unless we can develop a fairly secure way to meet the "marketing
> requirement" for logotypes in certificates, I would say that it is
> our obligation as an IETF working group to NOT accept this as a
> work item. Much better to have multiple incompatible ways
> to do something insecure (probably resulting in little deployment
> of this feature) than to have the PKIX working group issue an RFC
> explaining the one true way to do it. We are in the Security area,
> after all!
>
> > Anyway, we should not have the complete technical debate on a
> > threat about the charter.
>
> Certainly, we don't need to have the complete technical debate at
> this point. But there should be some requirement that work items
> be feasible and provide some security benefit before they are
> accepted by this working group. Otherwise, we will waste our time
> (and confuse the public) by accepting all sort of ideas and then
> having to throw them out.
>
> -Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f84Gpmp21794 for ietf-pkix-bks; Tue, 4 Sep 2001 09:51:48 -0700 (PDT)
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84GpkD21790 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 09:51:46 -0700 (PDT)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id SAA25156; Tue, 4 Sep 2001 18:53:45 +0200
Received: from bull.net (frlva3786.frlv.bull.fr [129.184.37.97]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id SAA19218; Tue, 4 Sep 2001 18:51:13 +0200
Message-ID: <3B950681.9355D577@bull.net>
Date: Tue, 04 Sep 2001 18:51:13 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Integris. A Bull Company
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: Stephen Kent <kent@bbn.com>
CC: ietf-pkix@imc.org
Subject: Re: charter revisions
References: <p0501040bb7a8214adf35@[128.33.84.34]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Steve,
This is a very late answer, but I took some more vacations. :-)
During the London meeting I presented some preliminary work about an
INFORMATIONAL RFC on PKI Disaster Planning and Recovery and I realized that
this is not included in the new charter.
I would think that the following time table could be appropriate:
3/04 PKI Disaster Planning and Recovery. INFORMATIONAL RFC.
Would it still be possible to add it to the list ?
I also found that 3/02 for DPV/DPD Protocols RFCs, may be a little bit
optimistic. 3/04 would probably be more appropriate.
Regards,
Denis
>
> Folks,
>
> We were pinged about the need to update the PKIX WG charter, both during
> the meeting in London, and via a message the chairs received from the IETF
> Secretariat. So, here is a proposed revision to the charter that Tim and I
> have developed. Please review it and provide comments by 8/28, so that we
> can post the revised charter by the end of the momth.
>
> Thanks,
>
> Steve
> -------
>
> Description of Working Group:
>
> The PKIX Working Group was established in the Fall of 1995 with the intent
> of developing Internet standards needed to support an X.509-based PKI. The
> scope of PKIX work has expanded beyond this initial goal. PKIX not only
> profiles ITU PKI standards, but also develops new standards apropos to the
> use of X.509-based PKIs in the Internet.
>
> PKIX has produced several informational and standards track documents in
> support of the original and revised scope of the WG. The first of these
> standards, RFC 2459, profiled X.509 version 3 certificates and version 2
> CRLs for use in the Internet. Profiles for the use of LDAP v2 for
> certificate and CRL storage (RFC 2587), the Internet X.509 Public Key
> Infrastructure Qualified Certificates Profile (RFC 2875), and the Internet
> X.509 Public Key Infrastructure Certificate Policy and certification
> Practices Framework (RFC 2527 - Informational) are in line with the
> initial scope.
>
> The Certificate Management Protocol (CMP) (RFC 2510), the Online
> Certificate Status Protocol (OCSP) (RFC 2560), Certificate Management
> Request Format (CRMF) (RFC 2511), Certificate Management Messages over
> CMS (RFC 2797), Internet X.509 Public Key Infrastructure Time Stamp
> Protocols (RFC xxxx), and the use of FTP and HTTP for transport of PKI
> operations (RFC 2585) are representative of the expanded scope of PKIX, as
> these are new protocols developed in the working group, not profiles of
> ITU PKI standards.
>
> A roadmap, providing a guide to the growing set of PKIX document, also has
> been developed as an informational RFC.
>
> Ongoing PKIX Work items
>
> An ongoing PKIX task is the progression of existing, standards track RFCs
> from PROPOSED to DRAFT. Also, to the extent that PKIX work relates to
> protocols from other areas, e.g., LDAP, it is necessary to track the
> evolution of the other protocols and produce updated RFCs. For example,
> the LDAP v2 documents from PKIX are evolving to address LDAP v3.
>
> New Work items for PKIX
>
> - production of a requirements RFC for delegated path discovery and path
> validation protocols (DPD/DPV) and subsequent production of RFCs for
> protocols that satisfy the requirements
>
> - development of an RFC for a logotype extension for certificates
>
> - development of a proxy certificate extension and associated processing
> rules
>
> Not all of these items may become standards track RFCs. Some may become
> INFORMATIONAL or EXPERIMENTAL RFCs.
>
> Goals and Milestones:
>
> Done PROPOSED Standard RFCs for public key and attribute
> certificate profiles, CMP, OCSP, CMC, CRMF, TSP, Qualified Certificates,
> LDAP v2 schema, use of FTP/HTTP, Diffie-Hellman POP
> Done INFORMATIONAL RFCs for X.509 PKI policies and practices,
> use of KEA
> Done Experimental RFC for Data Validation and Certification Server
> Protocols
> 8/01 Production of revised certificate and CRL syntax and
> processing RFC (son-of-2459)
> 10/01 Progression of CRMF, CMP, and CMP Transport to DRAFT
> Standard
> 12/01 Production of revised CMC RFCs (updates and split of
> CMC into several parts)
> 12/ 01 DPD/DVP Requirements RFC
> 12/01 Progression of OCSP to DRAFT Standard
> 3/02 DPV/DPD Protocols RFCs
> 3/02 Logotype Extension RFC
> 3/02 Proxy Certificate RFC
> 7/02 Progression of CMC RFCs to DRAFT Standard
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f84G2a620941 for ietf-pkix-bks; Tue, 4 Sep 2001 09:02:36 -0700 (PDT)
Received: from mtiwmhc23.worldnet.att.net (mtiwmhc23.worldnet.att.net [204.127.131.48]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84G2YD20937 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 09:02:35 -0700 (PDT)
Received: from webmail.worldnet.att.net ([204.127.135.60]) by mtiwmhc23.worldnet.att.net (InterMail vM.4.01.03.16 201-229-121-116-20010115) with SMTP id <20010904160231.HDLA18450.mtiwmhc23.worldnet.att.net@webmail.worldnet.att.net>; Tue, 4 Sep 2001 16:02:31 +0000
Received: from [161.215.27.111] by webmail.worldnet.att.net; Tue, 04 Sep 2001 16:02:30 +0000
From: todd.glassey@att.net
To: Carlisle Adams <carlisle.adams@entrust.com>
Cc: "'tho'" <tho@andxor.com>, ietf-pkix@imc.org
Subject: RE: New test TSA available
Date: Tue, 04 Sep 2001 16:02:30 +0000
X-Mailer: AT&T Message Center Version 1 (May 2 2001)
Message-Id: <20010904160231.HDLA18450.mtiwmhc23.worldnet.att.net@webmail.worldnet.att.net>
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
> Hi tho,
>
> > ----------
> > From: tho[SMTP:tho@andxor.com]
> > Sent: Tuesday, September 04, 2001 4:26 AM
> > To: ietf-pkix@imc.org
> > Subject: Re: New test TSA available
> >
> > hi todd,
> >
> > todd glassey wrote:
> > > 1) In the existing RFC, the data about how the time data was
> > obtained
> > > and how it was managed so that in the future someone can look at TST's
> > from
> > > any number of sources and compare their validity or deviation from the
> > > proscribed time source. This also means a audit model around the time
> > base
> > > itself. And it implies that the operator knows how to manage UTC in
> > relation
> > > to its soft value.
> > >
> > > 2) A declaratory payload - something that can be used to indicate the
> > > intent of the executor of the TST itself. That way going forward in the
> > > future the Courts would not have to interpret that. And maybe other
> > payload
> > > types. Like the BERT Token for instance.
> >
> > i think that these two points should be a matter of policy (and
> > corresponding
> > practice statement) for which we have a pointer inside the TSTInfo
>
> Absolutely.
>
> As far as I can tell, we all understand and agree on this point, except for
> Todd.
>
> [Todd: if you think that these points of yours were being marginalized all
> this time, this may be why. You were either alone or in the extreme
> minority in voicing them, and in IETF "rough consensus" is the only thing
> that leads to any progress at all, so the "rough consensus" opinion is what
> shows up in the RFCs...]
>
> Carlisle.
>
You are right Carlisle - they were marginalized. But the reason that anyone
possibly could marginalize what I was saying was
'cause they refused to state how the Protocol was to
be used. What you and the rest of the Authors did was
to create a protocol for verifying signatures in time
and declared that the be "the Time Stamping protocol"
and that is just plain wrong.
What you should have done is said "we are creating a
protocol to memorialize events in time and to make them
comparable to each other thus." And then with that
simple statem a set of uses could have been nuilt for
the tokens and their creation. Instead what you have
done is built the plumbing for the movement of the
time without qualifying the time so that the content
is essentially anonymous in nature.
If any of you authors had built a real word use model
for this boat-anchor you would have come to the
conslusions I and the other auditors, pki designers,
time keepers, and security specialists who looked at
the protocol did. And that is that the protocol is of
limited if any real-world use since already existing
methods do the same things and are already legally
accepted by Courts on a global basis.
Thus the TSP and its TST's are an overhead not a blessing
of testimonial value.
Sorry -
Todd
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f84FxKt20365 for ietf-pkix-bks; Tue, 4 Sep 2001 08:59:20 -0700 (PDT)
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84FxJD20358 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 08:59:19 -0700 (PDT)
Received: from sunlabs.East.Sun.COM ([129.148.75.250]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id IAA05688; Tue, 4 Sep 2001 08:59:19 -0700 (PDT)
Received: from sun.com (dhcp75-167 [129.148.75.167]) by sunlabs.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id LAA24615; Tue, 4 Sep 2001 11:59:17 -0400 (EDT)
Message-ID: <3B94FA41.47317BB8@sun.com>
Date: Tue, 04 Sep 2001 11:58:57 -0400
From: Steve Hanna <steve.hanna@sun.com>
Organization: Sun Microsystems, Inc.
X-Mailer: Mozilla 4.75 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "Housley, Russ" <rhousley@rsasecurity.com>
CC: Stephen Kent <kent@bbn.com>, ietf-pkix@imc.org
Subject: Re: charter revisions
References: <p0501040bb7a8214adf35@[128.33.84.34]> <5.0.1.4.2.20010830132055.02c12600@exna07.securitydynamics.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Russ Housley wrote:
> I do not think that we will see widespread deployment of
> certificates without logos. One measure of success will be the
> number of certificates that average Internet user have. Hopefully
> every Internet user will have at least one. I suspect that as we
> become successful, these logos will be the tag by which users
> select a certificate.
This is an interesting argument. I think you're saying that the user
will find the logo useful when deciding which of his certificates to
use (such as when signing an email or performing client authentication
over SSL). If this were the primary use of logotypes in certificates,
then the risks of displaying an invalid logo would be considerably
reduced (the user might select the wrong one of his certificates to
authenticate with). However, the current logotype Internet Draft does
not describe this use case. All of the use cases described in section
1.1 of that document have the user looking at a logo to decide
whether a certificate presented by some other party is trustworthy.
In those cases, the risks of making an error are much greater.
Unless the author of the Internet Draft indicates otherwise, I will
assume that the primary purpose of putting logotypes in certificates
is so that users can view them to make decisions about whether the
certificates are trustworthy. In that case, the risks are much greater
than those for the use case you described.
> I do not want to see more than one way that logos can be put into
> certificates. That is the most important reason for PKIX to be
> involved in the definition. You seem to agree that the market has
> a demand for logos. Letting each vendor devise an independent way
> to meet this marketing requirement would be very bad for all
> implementors.
Unless we can develop a fairly secure way to meet the "marketing
requirement" for logotypes in certificates, I would say that it is
our obligation as an IETF working group to NOT accept this as a
work item. Much better to have multiple incompatible ways
to do something insecure (probably resulting in little deployment
of this feature) than to have the PKIX working group issue an RFC
explaining the one true way to do it. We are in the Security area,
after all!
> Anyway, we should not have the complete technical debate on a
> threat about the charter.
Certainly, we don't need to have the complete technical debate at
this point. But there should be some requirement that work items
be feasible and provide some security benefit before they are
accepted by this working group. Otherwise, we will waste our time
(and confuse the public) by accepting all sort of ideas and then
having to throw them out.
-Steve
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f84Fx0620300 for ietf-pkix-bks; Tue, 4 Sep 2001 08:59:00 -0700 (PDT)
Received: from patan.sun.com (patan.Sun.COM [192.18.98.43]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84FwxD20294 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 08:58:59 -0700 (PDT)
Received: from sunlabs.East.Sun.COM ([129.148.75.250]) by patan.sun.com (8.9.3+Sun/8.9.3) with ESMTP id JAA04027; Tue, 4 Sep 2001 09:58:56 -0600 (MDT)
Received: from sun.com (dhcp75-167 [129.148.75.167]) by sunlabs.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id LAA22806; Tue, 4 Sep 2001 11:58:58 -0400 (EDT)
Message-ID: <3B94FA2E.6472B276@sun.com>
Date: Tue, 04 Sep 2001 11:58:38 -0400
From: Steve Hanna <steve.hanna@sun.com>
Organization: Sun Microsystems, Inc.
X-Mailer: Mozilla 4.75 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Stephen Kent <kent@bbn.com>
CC: ietf-pkix@imc.org
Subject: Re: charter revisions
References: <p0501040bb7a8214adf35@[128.33.84.34]> <3B8D57EF.70505C80@sun.com> <p0501040ab7b458549900@[128.33.238.96]>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Stephen Kent wrote:
> Just as a CA may employ various means to verify a subject's claim to
> a name, a CA can employ analogous means to verify a subject's claim
> to a logotype. In fact, this may be relatively easy to verify if the
> logo is a registered trademark (something a CA could require via its
> CPS).
As Michael Ströder pointed out, this may not be easy for CAs. Requiring
that a logo be a registered trademark doesn't mean that there won't be
conflicts. A particular logo can be trademarked by different parties in
different countries. In fact, it can sometimes be trademarked by
different parties in the same country if there is little likelihood of
confusion (as when the goods identified are very different). And it may
be difficult for a CA to judge whether a particular image matches a
registered trademark. Verifying someone's right to use a DNS name or
email address is much easier.
Do we know of any CAs that want to include logotypes in certificates
that they issue, plan to verify those logotypes, and would be willing to
provide some sort of assurances to back that up in their CPS's?
If not, I will claim that including logotypes in certificates will have
a negative effect on security. Some CAs will be glad to charge extra to
include a logotype, but if the CA does not verify the logotype and
disclaims all responsibility for the correctness of the logotype, then
what's the point? The user will be misled into believing that the
logotypes have some security significance.
Certainly, CAs are welcome to include anything they want in their
certificates. But we should not provide a PKIX blessing unless there is
some security benefit.
> >Second, there's no equivalent to name constraints for use in cross
> >certificates. If I cross certify someone, I just have to trust that they
> >(and anyone they certify) will only put proper logotypes into
> >certificates.
>
> This has been my greatest concern as well, and I'd like to see a
> better proposal on how to better control use of the extension.
> Stefan rejected some approaches, and provided rationales for the
> rejections, but that doesn't mean that we have to live with the
> current proposal if the WG finds the inherent security problematic.
Since the logotypes are to be used to identify issuers and subjects,
I think we must develop a solution to this problem. Otherwise, a
cross-certificate represents complete trust in the subject to
certify anyone.
> >Third, an apparently innocuous logotype can change appearance radically
> >when scaled to a smaller size or mapped to a different number of colors.
> >This can be exploited to deceive cell phone users into thinking that
> >they're communicating with their bank, for instance.
>
> I had not considered this issue. we should explore ways that this
> problem might be avoided. presumably anyone displaying a logo on a
> web page has a similar concern, so maybe there are viable means to
> address this issue.
The problem with displaying a logo on a web page is different (unless I
didn't understand you). With a logo in a certificate, we want to make
sure that the person requesting the certificate doesn't trademark a
bogus logo and get it included in their certificate just so they can
trick a user who sees a scaled-down version of the logo into believing
it's a trusted logo. The closest analogy is getting a web server
certificate for paypa1.com (where the letter ell is actually a number
one). If you can get the user to click on an https://www.paypa1.com URL,
the user will think they are viewing a secure paypal website if the font
they use to view URLs displays ell and one the same way.
When viewing a logo on a web page, the user should not make decisions
about whose web page it is based on the logo. Instead, we have been
trying to convince them to look at the host name in the URL and check
that the padlock or key is lit up to indicate that an SSL connection is
in use.
> >Unless these concerns can be addressed, I do not think that this
> >proposal is safe and secure. And I do not think that the IETF should
> >publish an RFC on a fundamentally insecure idea, especially from a
> >security working group.
>
> The attribute RFC has some problems too, in that bad choices of how
> to map an AC to a PKC can result in security failures, right? So,
> the issue is not whether there are insecure ways to make use of the
> extension, but whether there are ways to make its use secure and
> whether, on the balance, we think appropriate use of the extension
> is beneficial, from a security (not marketing) perspective.
Agreed. If we believe that IETF standardization of this extension will
be beneficial from a security perspective, then we should go ahead with
it. Otherwise, we should not. I remain unconvinced.
-Steve
P.S. Note that I have no personal advantage (and, as far as I know, my
employer has no corporate advantage) to gain by the adoption or failure
of this particular proposal. My views are my own and don't represent the
views of Sun Microsystems. I just want to see the working group spend
its energies on worthwhile projects.
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f84FkPO18146 for ietf-pkix-bks; Tue, 4 Sep 2001 08:46:25 -0700 (PDT)
Received: from dns01.infocamere.it (dns01.infocamere.it [193.70.148.50]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84FkND18138 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 08:46:23 -0700 (PDT)
Received: from esd03d.icnet ([193.70.148.67]) by dns01.infocamere.it (Netscape Messaging Server 4.15) with ESMTP id GJ5A1H00.D2E for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 17:36:53 +0200
Received: from infocamere.it ([1.5.16.68]) by esd03d.icnet (Netscape Messaging Server 4.15) with ESMTP id GJ5AIA00.HUD for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 17:46:58 +0200
Message-ID: <3B94F64F.77379910@infocamere.it>
Date: Tue, 04 Sep 2001 17:42:07 +0200
From: "Simonato Carolina" <carolina.simonato@infocamere.it>
X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: IETF-PKIX <ietf-pkix@imc.org>
Subject: Question: who signs a CRL if the CAcertificate, that signs it, is immediately revoked?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Hello all!
Suppose a simple situation in which a certificate chain is constituted
only by two certificates: a trusted (by some important authority) root
certificate (self-signed) and an end-entity certificate, signed by that
root certificate.
The same root certificate also signs the certificate revocation list (a
unique crl that contains all revoked certificates- for all reasons).
The problem is: who signs the crl when the root certificate is
immediately revoked, because of, for example, cacompromise?
Probably it is necessary to create a new couple of keys (and so a new
root certificate) and sign the crl with the new ca private key?
Or is it possible to create a couple of CA keys to sign only
certificate revocation list and not to make provision for revoking this
last ca root certificate?
I would like to riceive suggestions about this topic.
Thank you in advance.
regards
Carolina
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f84EslL14941 for ietf-pkix-bks; Tue, 4 Sep 2001 07:54:47 -0700 (PDT)
Received: from SOTTMXS01.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84EsjD14937 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 07:54:46 -0700 (PDT)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2650.21) id <SDDPPLJJ>; Tue, 4 Sep 2001 10:54:38 -0400
Message-ID: <B8C72DA21548524180BE5AB32D65F6C206D06B@sottmxs09.entrust.com>
From: Carlisle Adams <carlisle.adams@entrust.com>
To: "'tho'" <tho@andxor.com>
Cc: ietf-pkix@imc.org
Subject: RE: New test TSA available
Date: Tue, 4 Sep 2001 10:54:31 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C13551.80FAD5B0"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C13551.80FAD5B0
Content-Type: text/plain
Hi tho,
> ----------
> From: tho[SMTP:tho@andxor.com]
> Sent: Tuesday, September 04, 2001 4:26 AM
> To: ietf-pkix@imc.org
> Subject: Re: New test TSA available
>
> hi todd,
>
> todd glassey wrote:
> > 1) In the existing RFC, the data about how the time data was
> obtained
> > and how it was managed so that in the future someone can look at TST's
> from
> > any number of sources and compare their validity or deviation from the
> > proscribed time source. This also means a audit model around the time
> base
> > itself. And it implies that the operator knows how to manage UTC in
> relation
> > to its soft value.
> >
> > 2) A declaratory payload - something that can be used to indicate the
> > intent of the executor of the TST itself. That way going forward in the
> > future the Courts would not have to interpret that. And maybe other
> payload
> > types. Like the BERT Token for instance.
>
> i think that these two points should be a matter of policy (and
> corresponding
> practice statement) for which we have a pointer inside the TSTInfo
Absolutely.
As far as I can tell, we all understand and agree on this point, except for
Todd.
[Todd: if you think that these points of yours were being marginalized all
this time, this may be why. You were either alone or in the extreme
minority in voicing them, and in IETF "rough consensus" is the only thing
that leads to any progress at all, so the "rough consensus" opinion is what
shows up in the RFCs...]
Carlisle.
------_=_NextPart_001_01C13551.80FAD5B0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2652.35">
<TITLE>RE: New test TSA available</TITLE>
</HEAD>
<BODY>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">Hi =
tho,</FONT>
</P>
<UL>
<P><FONT SIZE=3D2 FACE=3D"MS Sans Serif">----------</FONT>
<BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">From:</FONT></B> =
<FONT SIZE=3D2 FACE=3D"MS Sans Serif">tho[SMTP:tho@andxor.com]</FONT>
<BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">Sent:</FONT></B> =
<FONT SIZE=3D2 FACE=3D"MS Sans Serif">Tuesday, September 04, 2001 4:26 =
AM</FONT>
<BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">To:</FONT></B> =
<FONT SIZE=3D2 FACE=3D"MS Sans =
Serif">ietf-pkix@imc.org</FONT>
<BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">Subject:</FONT></B> =
<FONT SIZE=3D2 FACE=3D"MS Sans =
Serif">Re: New test TSA available</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">hi todd,</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial"> </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">todd glassey wrote:</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> 1) =
In the existing RFC, the data about how the time data was =
obtained</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> and how it was managed so that =
in the future someone can look at TST's from</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> any number of sources and =
compare their validity or deviation from the</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> proscribed time source. This =
also means a audit model around the time base</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> itself. And it implies that the =
operator knows how to manage UTC in relation</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> to its soft value.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> 2) A =
declaratory payload - something that can be used to indicate the</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> intent of the executor of the =
TST itself. That way going forward in the</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> future the Courts would not have =
to interpret that. And maybe other payload</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> types. Like the BERT Token for =
instance.</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">i think that these two points should =
be a matter of policy (and corresponding</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">practice statement) for which we have =
a pointer inside the TSTInfo</FONT>
</UL>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New =
Roman"> </FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New =
Roman">Absolutely.</FONT>
</P>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">As far as =
I can tell, we all understand and agree on this point, except for =
Todd.</FONT>
</P>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New =
Roman">[Todd: if you think that these points of yours were being =
marginalized all this time, this may be why. You were either =
alone or in the extreme minority in voicing them, and in IETF =
"rough consensus" is the only thing that leads to any =
progress at all, so the "rough consensus" opinion is what =
shows up in the RFCs...]</FONT></P>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New =
Roman">Carlisle.</FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C13551.80FAD5B0--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f848QLH18343 for ietf-pkix-bks; Tue, 4 Sep 2001 01:26:21 -0700 (PDT)
Received: from firewall.andxor.it (firewall.andxor.it [195.223.2.2]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f848QHD18339 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 01:26:18 -0700 (PDT)
Received: from tho.andxor.com (tho.andxor.it [195.223.2.222]) by firewall.andxor.it (8.9.2/8.9.2) with ESMTP id KAA75090 for <ietf-pkix@imc.org>; Tue, 4 Sep 2001 10:26:15 +0200 (CEST) (envelope-from tho@tho.andxor.com)
Received: (from tho@localhost) by tho.andxor.com (8.9.3/8.9.3) id KAA64037 for ietf-pkix@imc.org; Tue, 4 Sep 2001 10:26:29 +0200 (CEST) (envelope-from tho)
Date: Tue, 4 Sep 2001 10:26:29 +0200
From: tho <tho@andxor.com>
To: ietf-pkix@imc.org
Subject: Re: New test TSA available
Message-ID: <20010904102629.B63987@tho.andxor.com>
References: <200108260300.PAA385198@ruru.cs.auckland.ac.nz> <3B8A199E.1E69D01A@certplus.com> <03dc01c134ed$427fa680$020aff0c@tsg1>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <03dc01c134ed$427fa680$020aff0c@tsg1>; from todd.glassey@worldnet.att.net on Mon, Sep 03, 2001 at 07:56:50PM -0700
X-Operating-System: FreeBSD
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
hi todd,
todd glassey wrote:
> 1) In the existing RFC, the data about how the time data was obtained
> and how it was managed so that in the future someone can look at TST's from
> any number of sources and compare their validity or deviation from the
> proscribed time source. This also means a audit model around the time base
> itself. And it implies that the operator knows how to manage UTC in relation
> to its soft value.
>
> 2) A declaratory payload - something that can be used to indicate the
> intent of the executor of the TST itself. That way going forward in the
> future the Courts would not have to interpret that. And maybe other payload
> types. Like the BERT Token for instance.
i think that these two points should be a matter of policy (and corresponding
practice statement) for which we have a pointer inside the TSTInfo
tho
--
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f842wDc15342 for ietf-pkix-bks; Mon, 3 Sep 2001 19:58:13 -0700 (PDT)
Received: from mtiwmhc21.worldnet.att.net (mtiwmhc21.worldnet.att.net [204.127.131.46]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f842w7D15338 for <ietf-pkix@imc.org>; Mon, 3 Sep 2001 19:58:07 -0700 (PDT)
Received: from tsg1 ([12.81.64.34]) by mtiwmhc21.worldnet.att.net (InterMail vM.4.01.03.16 201-229-121-116-20010115) with SMTP id <20010904025753.TMIM1680.mtiwmhc21.worldnet.att.net@tsg1>; Tue, 4 Sep 2001 02:57:53 +0000
Message-ID: <03dc01c134ed$427fa680$020aff0c@tsg1>
From: "todd glassey" <todd.glassey@worldnet.att.net>
To: "Jean-Marc Desperrier" <jean-marc.desperrier@certplus.com>
Cc: <ietf-pkix@imc.org>
References: <200108260300.PAA385198@ruru.cs.auckland.ac.nz> <3B8A199E.1E69D01A@certplus.com>
Subject: Re: New test TSA available
Date: Mon, 3 Sep 2001 19:56:50 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.3018.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
My Apologies to many of you. This is a another push back against the TSA and
what I believe to be the manner in which criticism to the design or
suggestions for the design have been taken.
As to the complaint Jean-Marc made that no one raised objections, just look
in the archive. Every time I or someone else objected to the draft we were
slammed. Sometimes politely but most times not. Many times I myself got back
a belligerent blast of "NO TODD, WE ARE NOT GOING TO..." and I have to tell
you that people just get tired of being beaten up over the obvious.
For the record - I personally have objected to this time stamping protocol
for the exact same reasons now for the last 3 years. Some of them are listed
below for your reading enjoyment. And it seems from the responses that
nobody was willing to hear that in order for a TS Solution to be embraced by
the world it must have some positive Business Value other than just by
trying to sneak it into law. One would think that the protocol has to do
something positive of value for the transaction process or it has no ongoing
value and as such then becomes an overhead.
Look at this from the standpoint of the Business Operator.
Example #1: they are self insured, so what value in their process is a
timestamp over a simple systems audit process and a timebase management
process. Either way the time data coming out of the report generator has to
be believed... so then what value is the TST in this?
If I believe that both of these are OK, then a simple printed report is all
the Evidence they need. If they need to attach entity to the time data
itself, which is at best a legal stretch, then they can easily hash and sign
the time data itself before they stick it in the DB - they don't need a TST
or a TSA to do this. They can do it with scripts inline in a CGI script or
an ASP model easily and quickly. All they would need is a secured site and a
good audit of the operations of the site and the time management regimen and
viola, what timestamps do they need?
If we need to go to court, you bring your timestamps and the CPS/RPA and I
bring my reports and timebase management audits and we will see who
prevails. So once again I have to ask "why would I want a formal
oken?" -- As it happens, there are a couple of good answers here, but they
both require TSTokens that are much larger so that they can contain the
material being stamped and carry other payloads for things like Notorial
Seal Info.
Otherwise I just cant see anyway to justify this device. Its true, it is a
simple system for passing "unauthenticated and uncertified" time data to a
limited use stamp token, but there is no specific value relative to the
trust model of whether I have a TSA as a TTP or not. As such it adds nothing
to the trust or indemnity model other than its own cost of operations, and
its something that the same operators couldn't get from an application and a
DB and an accompanying affidavit from the Operators.
Example #2 - The business uses a TSA to timestamp the services it provides
instead of relying on just a single field in a DB. Now there is a totally
secured linkage between the TSA and the client server too, and a relational
linkage between the DB rows and the tokens.
Does this reduce the operating liability? probably not unless you can see
how some externally linked token can reduce the operating risk on the
systems underlying the transaction process.
Example #3 - Two busnesses doing business between themselves in front of the
TTP. - So the TTP watches the transaction and issues a token as the receipt
for this service. The next question then is would the token be enough for a
receipt and myself I vote no. They are too small.
The Points:
------------
The point is that Time Stamping was supposed to be more than just checking
to see whether a signature was valid at some point in time as it was in
TSA Draft version 1. The TSP's only value over existing trust processes is
in creating a token that could memorialize an event. And could do so in a
commercial environment in such a way as to add value to the transaction
model. Or to substantiate some legal requirement in a filing process
although most of these would do just fine with a report from some DB
Application.
Time Stamps of the past and today
------------------------------------
TS's have for 10's or years been instances of time data stored in Databases
and that's it. The fact that the report that the report generator printed
time data on it from the DB as part of an event verification or testimony
has been accepted for some time is also very relevant here.
What then would I use a TST for then? Certainly not just for the creation of
the TST, if its just about testing to see whether a signature is valid there
are many ways to do that. No its ablaut creating some portable evidentiary
token to codify some event. The problem is that this TST is so light weight
and ignores all of the background testimony that it has the same legal value
(IMHO) as the testimony of the systems operators. And that makes it
worthless for any historical or long term evidentiary use.
The problem is that much of what also represents the events is the rest of
the row of data or the rows correlated or attached to it forming a larger
event structure. There is no legal difference in this type or report or in
an operator signing a printed report with a Digital Key. Legally they have
exactly the same value. So why then would I invest in or buy a TS Solution
that didn't add more to it.
What's missing is simple. As I have said many times in the past -
1) In the existing RFC, the data about how the time data was obtained
and how it was managed so that in the future someone can look at TST's from
any number of sources and compare their validity or deviation from the
proscribed time source. This also means a audit model around the time base
itself. And it implies that the operator knows how to manage UTC in relation
to its soft value.
2) A declaratory payload - something that can be used to indicate the
intent of the executor of the TST itself. That way going forward in the
future the Courts would not have to interpret that. And maybe other payload
types. Like the BERT Token for instance.
The other problem...
--------------------
In closing I would point out that the services of the PKIX time stamping
service can be had through NTP and perhaps some of Syslog too. And that as
such, this protocol is a piker. It pretty much does what the pre-existing
NTP and Syslog do together and based in that it violated the "no replicating
protocols that have been designed in other WG's" rule. OOOps.
What should have happened is that PKIX should of come up with something
other than a TST as a universal method of attaching time data to tokens or
other objects, something that could be used across all PKIX and a universal
Message Format for PKI based responses as well - and this would have been
big win.
Instead we got what we got after 13 trips to the alter and the demise of the
Notary Draft in the process.
Todd
----- Original Message -----
From: "Jean-Marc Desperrier" <jean-marc.desperrier@certplus.com>
Cc: <ietf-pkix@imc.org>
Sent: Monday, August 27, 2001 2:57 AM
Subject: Re: New test TSA available
>
> Peter Gutmann wrote:
>
> > But the token only allows one version value, v1, which is always present
anyway
> > (that is, it's a non-optional field). Thus my earlier questions, that
there's
> > no way to indicate that you're using draft-n because it's assumed
there's only
> > one version, v1, as per the final RFC. That means that anything from
> > draft-....-01 through to RFCxxxx can only indicate use of v1.
>
> A draft is just that, a draft.
> " It is inappropriate to use Internet-Drafts as reference
> material or to cite them other than as "work in progress"
> And basically, you want them to become reference material.
> There isn't, and hasn't to be a formalism for interoperability between
versions of
> a draft.
>
> What is needed is a finalized version of this protocol in an RFC, so that
_this_
> becomes a reference, and something one can actually use for
interoperability.
> As long as this doesn't exist, the tokens can't be anything more than
laboratory
> experiments.
>
> Therefore the true question is why is this RFC still not there when
supposedly the
> draft is on the last stages of approval since monthes, and there hasn't
been any
> point raised about it in this mailing list since a long time ?
>
>
Received: by above.proper.com (8.11.6/8.11.3) id f82LGFd24145 for ietf-pkix-bks; Sun, 2 Sep 2001 14:16:15 -0700 (PDT)
Received: from [203.46.112.10] (mail.rsasecurity.com.au [203.46.112.10]) by above.proper.com (8.11.6/8.11.3) with SMTP id f82LGCD24141 for <ietf-pkix@imc.org>; Sun, 2 Sep 2001 14:16:13 -0700 (PDT)
Received: from [192.168.18.3] by [203.46.112.10] via smtpd (for [208.184.76.43]) with SMTP; 18 Mar 2001 17:16:28 UT
Received: from exaus01.local.aus.rsa.com (exaus01.local.aus.rsa.com [10.177.1.15]) by grover.local.aus.rsa.com (8.10.2/8.10.2) with ESMTP id f82LK4q26591 for <ietf-pkix@imc.org>; Mon, 3 Sep 2001 07:20:05 +1000 (EST)
Received: by exaus01.local.aus.rsa.com with Internet Mail Service (5.5.2653.19) id <QX7RVL2M>; Mon, 3 Sep 2001 07:11:08 +1000
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.1.67]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id QTWCT6SN; Sun, 2 Sep 2001 17:15:44 -0400
Message-Id: <5.0.1.4.2.20010902171229.00aeee78@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0.1
Date: Sun, 02 Sep 2001 17:15:30 -0400
To: ietf-pkix@imc.org
From: "Housley, Russ" <rhousley@rsasecurity.com>
Subject: RE: charter revisions
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
>Russ:
>
>Do you honestly believe that CA or company based logos in certificates
>will actually bring critical mass to deployments?
No. However, I think that mass deployments will not happen without logos.
>If I have 6 certs from the same company CA - logos does nothing for me
>here in cert selection . . .
I agree that logos do not completely solve the problem of selecting
certificates. However, when the certificates are from different CAs or
thay have distinctly different purposes, then a logo can be a big help.
>-----Original Message-----
>From: Housley, Russ [mailto:rhousley@rsasecurity.com]
>Sent: Thursday, August 30, 2001 10:33 AM
>To: Steve Hanna
>Cc: Stephen Kent; ietf-pkix@imc.org
>Subject: Re: charter revisions
>
>
>
>Steve Hanna:
>
> >I haven't seen any comments on the revised charter yet. Most of it
> >looks good to me. However, I don't think PKIX should do any work on the
>
> >logotype extension. I know that there is a demand for this from
> >marketing folks, but I don't believe that we should standardize it
> >unless it can be used securely. This does not seem possible.
>
>You and I agree on most things, but we have a major disagreement here. I
>do not think that we will see widespread deployment of certificates without
>logos. One measure of success will be the number of certificates that
>average Internet user have. Hopefully every Internet user will have at
>least one. I suspect that as we become successful, these logos will be
>the tag by which users select a certificate.
>
>I do not want to see more than one way that logos can be put into
>certificates. That is the most important reason for PKIX to be involved
>in the definition. You seem to agree that the market has a demand for
>logos. Letting each vendor devise an independent way to meet this
>marketing requirement would be very bad for all implementors.
>
>You seem to be concerned with the security of logos. I am not. From my
>perspective, we are asking CAs to do many things that are harder than
>including a URL and hash of a the appropriate logo. In many, many cases,
>this will be the same logo in every certificate that is issued by that CA.
>
>Anyway, we should not have the complete technical debate on a threat
>about the charter. I strongly encourage the PKIX working group to include
>this area in the charter sent forward to the Area Directors for approval.
>Once the revised charter is approved, we can have the technical debate and
>sort out the details.
>
>Russ
- announcement of the rescheduled directory meeting… Hoyt L. Kesterson II